現地時間2026年5月19日にセキュリティアドバイザリを公開。特定環境下において、認証なしにリモートより悪用できるヒープバッファオーバーフローの脆弱性「CVE-2026-8711」について明らかにしたもの。

CrowdStrike, Google, and the Shadowserver Foundation dismantled the GlassWorm malware operation, but experts say the broader ...

The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have ...

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

Massive regional C2 footprint More than 1.3K C2 Servers Discovered in the Middle East Hunt.io said it identified more than ...

米当局は、ソフトウェアのサプライチェーン侵害に起因する脆弱性3件について注意を呼びかけた。 米サイバーセキュリティインフラストラクチャセキュリティ庁（CISA）は現地時間2026年5月27日、「CVE-2026-8398」「CVE-2026-45321」「CVE-2026-48027」を「悪用が確認された脆弱性カタログ（KEV）」へ追加した。いずれも提供元の侵害や正規経路による配布など、サプライチ ...

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

CrowdStrike, Google, and the Shadowserver Foundation dismantled the GlassWorm malware operation, but experts say the broader ...

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...