An anonymous researcher, "bikini," has released exploit code for zero-day vulnerabilities in 15 software products without prior notice. Two vulnerabilities, in libssh2 and Gitea, have already been exploited in attacks.
The autonomous AI penetration testing tool "Strix" has been unveiled, featuring dynamic code execution for provable vulnerability detection and CI/CD integration, gaining attention as an alternative to manual penetration testing.
Theft and fraud targeting mailed checks are on the rise in the U.S., with "check washing" and mailbox "fishing" becoming widespread. Experts warn that mailing checks should be entirely avoided.
The Linux Foundation, in collaboration with Amazon, Anthropic, OpenAI, NVIDIA, Microsoft, and others, has launched "Akrites." The initiative aims to protect critical open-source software (OSS) by addressing the rapid increase in vulnerabilities discovered by AI/LLMs, establishing a coordinated disclosure process and a dedicated security incident response team.
AWS has announced "AWS Continuum," a new service that prioritizes vulnerabilities by considering code scans, infrastructure configurations, access controls, network topology, and business priorities. It is designed to avoid reliance on specific AI models.
Microsoft has acknowledged the Defender vulnerability CVE-2026-50656, which exploits a race condition to gain System privileges. It is rated CVSS 7.8 and a PoC has been released. No patch has been provided yet.
Android software packages in the Honda Civic are signed with AOSP test keys, allowing arbitrary code execution through physical USB access and making the car a target for Evil Maid attacks.
A second wave of malware attacks has been confirmed in the Arch Linux AUR. The first wave infected over 1,500 packages. The second wave uses code obfuscation to evade detection, employing more advanced techniques.
Apple's security team rewrote the TrueType font hinting interpreter from C to Swift, achieving an average 13% performance improvement and releasing the source code.
EFF kicks off Season 2 of its digital rights Q&A for the LGBTQ+ community for Pride Month, offering practical advice on online privacy—from choosing photos on dating apps to staying safe during protests.
A critical vulnerability found in "Cannabis Club Systems," software for Spanish cannabis clubs, leaves nearly 1 million photo IDs unprotected on a public URL with no password.