Application Security
TeamPCP compromised the Checkmarx Jenkins AST Plugin on May 9, the third attack on Checkmarx in three months. The Dune-themed defacement reads "Checkmarx fails to rotate secrets again." Either secrets rotation was incomplete or TeamPCP retained access through an unremediated persistence mechanism.
Supply Chain Attack
Malicious Docker images and VS Code extensions steal IaC secrets; Bitwarden npm trusted publishing abused in a sophisticated DevSecOps attack chain. TEL AVIV, IL — In a cascading security failure that strikes at the heart of modern DevSecOps, the prominent security vendor Checkmarx has confirmed a multi-stage supply chain compromise affecting
Artificial Intelligence (AI)
By leveraging Anthropic’s Claude Opus 4.6, a security researcher has successfully developed a working Chrome exploit for roughly $2,300 — demonstrating that the cost of weaponizing known vulnerabilities is plummeting toward commodity pricing. ABINGDON, UK — A watershed moment in the intersection of AI and offensive security was confirmed
Artificial Intelligence (AI)
A systemic design choice in the Model Context Protocol (MCP) allows arbitrary command execution across the AI ecosystem. Despite 10+ critical CVEs and a 150-million download "blast radius," Anthropic maintains the behavior is expected. SAN FRANCISCO, CA — A foundational vulnerability has been identified at the heart of the
Trending
Threat actors are increasingly leveraging the inherent trust of major SaaS platforms to deliver phishing lures directly through legitimate system-generated alerts. SAN FRANCISCO, CA — Security researchers have identified a sophisticated shift in phishing tactics, where attackers are bypassing traditional email gateways by abusing the automated notification systems of GitHub and