blog/Articles

Articles

Linux "Copy Fail" Vulnerability Threatens Servers Worldwide. Three Days to the Deadline

Linux kernel's new critical vulnerability "Copy Fail" (CVE-2026-31431) is public. Just 732 bytes of code can seize admin privileges on every major distribution. CISA's deadline is May 15. A four-layer defense framework you can act on today.

2026.05.129 min11 views

revil-gandcrab-unkn-bka-identified-cover-en

News

[Breaking] German Police Unmask REvil/GandCrab Leader 'UNKN' as 31-Year-Old Russian

Global CompaniesSecurity

Germany's BKA identifies 31-year-old Russian Daniil Shchukin as the leader of GandCrab and REvil ransomware groups. Over €35 million in damage, 130+ attacks, and the face behind the Kaseya supply-chain attack.

2026.04.078 min9 views

News

LinkedIn Silently Scans 6,000+ Chrome Extensions on Every Page Load

Global CompaniesSecurityPrivacy

LinkedIn has been scanning 6,236 Chrome extensions on every page load while collecting device telemetry. German nonprofit Fairlinked published technical evidence, independently verified by BleepingComputer.

2026.04.058 min6 views

chrome-zero-day-cve-2026-5281-webgpu-dawn-cover-en-png

News

Chrome's 4th Zero-Day of 2026: WebGPU Dawn Flaw Triggers CISA Emergency Patch Directive

SecurityGlobal Companies

Google releases an emergency Chrome update to fix CVE-2026-5281, a use-after-free in Dawn's WebGPU implementation already exploited in the wild. CISA orders patching by April 15. This is Chrome's fourth zero-day of 2026.

2026.04.037 min6 views

claude-code-source-leak-npm-2026-cover-en

News

Claude Code Source Code Leaked: 512K Lines Exposed via npm, Hidden Features Revealed

SecurityAIDevelopment

Anthropic's Claude Code leaked 512,000 lines of TypeScript via an npm source map. Hidden features including a Tamagotchi pet system and autonomous agent mode were exposed. We explain the technical cause and how developers can prevent the same mistake.

2026.04.028 min13 views

axios-npm-supply-chain-attack-rat-cover-en

News

[Alert] Axios Hijacked: RAT Pushed to 100M Weekly Downloads via npm

DevelopmentSecurity

The popular JavaScript HTTP client axios was hijacked. Versions 1.14.1 and 0.30.4 contained a cross-platform RAT. Google/Mandiant attributed the attack to North Korea-linked UNC1069.

2026.04.018 min8 views

ai-changed-software-development-2026-cover-en

Roundup

[Roundup] AI Made Development Faster. Then Quietly Broke Things.

SecurityDevelopmentAI

AI made development 10x faster. It also multiplied security vulnerabilities. A data-driven analysis of both the benefits and the crises AI has brought to software development, as of March 2026.

2026.03.3012 min21 views

teampcp-supply-chain-cascade-trivy-cover-en

News

[Breaking] A Cascade Started from Trivy. 4 OSS Projects Fell in 10 Days

InfrastructureDevelopmentSecurity

A supply chain attack on Trivy cascaded into Checkmarx, LiteLLM, and Telnyx in 10 days. CISA added to KEV. Microsoft and others published analysis.

2026.03.3010 min10 views

laravel-livewire-rce-iran-muddywater-cover-en

News

[Breaking] Critical RCE in Laravel Livewire Exploited by Iranian State Hackers

DevelopmentSecurity

CVSS 9.8 Laravel Livewire vulnerability (CVE-2025-54068) actively exploited by Iranian state-sponsored APT MuddyWater. No authentication required for full server takeover. CISA deadline: April 3.

2026.03.308 min13 views