β οΈ #Vercel hacked.
The popular platform behind tens of thousands of AI apps and the creator of NextJS framework has confirmed a breach. Hackers claiming to be ShinyHunters are selling stolen customer + employee data:
#databreach
π
www.bleepingcomputer.com/news/securit...
Want to present a talk at the #OWASP Global #AppSec Conference 2026 in San Francisco in November?
Call For Papers is now open
π
#Nginx: A critical vulnerability CVE-2026-33032 in Nginx UI with Model Context Protocol (#MCP) support is now being exploited in the wild for full server takeover without authentication.
π
Our April meetup has started and we have @manicode live on stage right now coding in Claude and talking about
Securing Claude Code: Guardrails for AI-Assisted Development
Watch the live-stream πΊ here:
π
www.youtube.com/live/icDqYJ5...
#AWS introduced Agentic Penetration Testing - while everyone is going crazy about Mythos, if you are on AWS you can have an AI Agent relentlessly finding and validating vulnerabilities 24/7:
#Pentesting
π
#Axios - yet another issue with this popular #NPM library: A newly discovered critical vulnerability CVE-2026-40175 in axios has exposed countless web & cloud apps to potential Remote Code Execution (#RCE) and full infrastructure compromise:
π
#Booking.com warns customers of a #databreach - attackers accessed the database including names, emails, phone numbers, booking details & anything shared with the property. It is unclear if passport details were stolen too, payment info unaffected:
π
securityaffairs.com/190757/data-...
#PDF Adobe Acrobat Reader Critical Vulnerability CVE-2026-34621 affects
* Acrobat DC versions 26.001.21367 and earlier
* Acrobat Reader DC versions 26.001.21367 and earlier
* Acrobat 2024 versions 24.001.30356 and earlier
π
thehackernews.com/2026/04/adob...
So once you have figured it out, you need to train another AI with your knowledge, and configure it as a router to send the prompts to the best AI model for the job
#OpenAI is impacted by #Axios supply chain breach, its MacOS desktop apps #ChatGPT and #Codex are affected and new updated versions issued:
π
openai.com/index/axios-...
#Claude Code Can Be Manipulated via CLAUDE.md file to Run SQL Injection Attacks:
#AISecurity
π
#Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access:
π
thehackernews.com/2026/04/dock...
The next OWASP London Chapter meetup is on April 14th 2026.
Talks from Jim Manico, @diniscruz.bsky.social and Claudio Merloni.
Register to attend here:
π
www.eventbrite.co.uk/e/owasp-lond...
I was asked if this is true or BS and a quick check in my browser showed that this is true and in fact there is even more data collected if you start digging into it:
π
#Claude: Three Command Injection Bugs in Claude Code CLI Allow Credential Exfiltration:
π
#Rowhammer: New Rowhammer attacks give complete control of machines running Nvidia GPUs:
π
#Claude Code vulnerable to prompt injection due to subcommand limit
#AISecurity
π
www.scworld.com/brief/claude...
β οΈ#Axios #npm package which is very widely used (83M weekly downloads) was compromised, turning installs into #malware π¨
This supply chain attack has a large-scale impact: many JavaScript apps nowadays uses Axios:
#SoftwareSupplyChainSecurity
π
thehackernews.com/2026/03/axio...
#AI: "Copilot Edited an Ad Into My PR!" - in a first report of this kind #GitHub #Copilot injected an ad into a Pull Request text:
π
notes.zachmanson.com...
#OpenAI: recent vulnerabilities showed how AI systems can expose sensitive data:
* One allowed sensitive conversation data to be exfiltrated
* Another enabled GitHub token theft from Codex using the branch name parameter
#AISecurity
π thehackernews.com/2026/03/open...
#LiteLLM Compromised! LiteLLM - a popular Python Library used by a lot of AI tooling got compromised on PyPI, and the malicious versions are stealing everything they can find on your machine:
#SoftwareSupplyChainSecurity
π
#Checkmarx GitHub Actions and Open VSX extensions hacked and replaced with malware by the same TeamPCP who hacked Trivy last week.
#SoftwareSupplyChainSecurity
π
#Citrix Urges Patching Critical NetScaler Vulnerabilities CVE-2026-3055 & CVE-2026-4368 Allowing Unauthenticated Data Leaks. This looks like another incarnation of #CitrixBleed!
Defenders need to act quickly. Patch Now!
π
#Trivy, a popular open-source vulnerability scanner, was compromised - attackers hijacked 75 version tags in #GitHub Actions to deliver an infostealer.
It ran in CI pipelines, stealing creds and tokens, exfiltrating data:
#SoftwareSupplyChainSecurity
π
thehackernews.com/2026/03/triv...
Today I am re-watching: "Achieving Secure Continuous Delivery" - a talk presented by Lucian Corlan and Chris Rutter at the OWASP London Chapter meetup back in 2016. Featuring #ChuckNorris meme:
#SecureSDLC
π
#telnet: Yet Another Critical Unauthenticated Root RCE #vulnerability CVE-2026-32746 discovered in legacy inetUtils Telnet - no user interaction and no special network position required.
Telnet is still in use in old switches, routers, ICS/IoT, cameras:
π
#OpenClaw: Never thought I'd see a picture of #Nvidia CEO Jensen Huang with claws - but here it is on my computer screen this morning and Nvidia has now launched a 'secure and enterprise-ready' open-source plugin for OpenClaw called #NemoClaw:
π
github.com/NVIDIA/Ne...
#GitHub seems to be suffering a lot getting hit by traffic from #AI bots scraping the code these days - I keep getting 'Too Many Requests' when following links to various GitHub repos:
github.blog/changelo...
UK #Government Companies House confirms security #vulnerability exposed millions of UK companies' sensitive data including directors' dates of birth and residential addresses via a flaw introduced in October 2025:
#CompaniesHouse
www.bleepingcomputer.com/news/securit...
#Chrome: Google released security updates for its Chrome web browser to address two high-severity #zeroday #vulnerabilities CVE-2026-3909 & CVE-2026-3910 that it said have been exploited in the wild. Make sure to update your Chrome today! (restart it):
π