{
  "posts": [
    {
      "slug": "shai-hulud-npm-worm-intercom-client-2026",
      "title": "Shai-Hulud closes the loop: how the worm reached intercom-client in 24 hours",
      "description": "The Shai-Hulud worm closed its loop in 24 hours: OIDC tokens from the April 29 npm victims were used to publish intercom-client@7.0.4 the next day.",
      "type": "threat-intel",
      "cve": null,
      "cvss": null,
      "product": null,
      "actors": null,
      "campaign": "Shai-Hulud",
      "targetSectors": [
        "Developer tooling",
        "SaaS",
        "Customer success platforms",
        "Cloud infrastructure"
      ],
      "targetRegions": [
        "Global"
      ],
      "tags": [
        "threat-intel",
        "npm",
        "supply chain",
        "worm",
        "OIDC",
        "credential theft",
        "Team PCP"
      ],
      "date": "2026-05-04T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/shai-hulud-npm-worm-intercom-client-2026",
      "hasArtifacts": false,
      "artifactsUrl": null
    },
    {
      "slug": "bun-runtime-supply-chain-stealer-april-2026",
      "title": "The Bun runtime is becoming the malware delivery vehicle of 2026",
      "description": "Two supply-chain compromises in 48 hours both fetch Bun and run an obfuscated credential stealer. The affected packages are Lightning on PyPI and four SAP CAP packages on npm; both compromises are the work of Team PCP.",
      "type": "threat-intel",
      "cve": null,
      "cvss": null,
      "product": null,
      "actors": null,
      "campaign": "Mini Shai-Hulud",
      "targetSectors": [
        "Software development",
        "Cloud infrastructure"
      ],
      "targetRegions": [
        "Global"
      ],
      "tags": [
        "threat-intel",
        "supply chain",
        "npm",
        "PyPI",
        "Bun",
        "credential theft",
        "Team PCP"
      ],
      "date": "2026-04-30T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/bun-runtime-supply-chain-stealer-april-2026",
      "hasArtifacts": false,
      "artifactsUrl": null
    },
    {
      "slug": "teampcp-supply-chain-campaign-tracking",
      "title": "Team PCP: tracking a six-week supply-chain campaign through Trivy, Checkmarx, Bitwarden, and beyond",
      "description": "A self-spreading credential-theft campaign that has chained through six security-tooling vendors since March 2026. Patterns, IOCs, and detection guidance.",
      "type": "threat-intel",
      "cve": null,
      "cvss": null,
      "product": null,
      "actors": null,
      "campaign": "Team PCP",
      "targetSectors": [
        "Software development",
        "Security tooling",
        "Cloud infrastructure"
      ],
      "targetRegions": [
        "Global"
      ],
      "tags": [
        "threat-intel",
        "supply chain",
        "GitHub Actions",
        "npm",
        "PyPI",
        "Team PCP",
        "CanisterWorm"
      ],
      "date": "2026-04-30T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/teampcp-supply-chain-campaign-tracking",
      "hasArtifacts": false,
      "artifactsUrl": null
    },
    {
      "slug": "vercel-oauth-supply-chain-april-2026",
      "title": "Vercel's April 2026 incident: an OAuth-app supply chain in three hops",
      "description": "Vercel's April 2026 breach moved from a third-party AI tool to a Workspace account to internal Vercel access. The OAuth-app supply-chain pattern in detail.",
      "type": "threat-intel",
      "cve": null,
      "cvss": null,
      "product": null,
      "actors": null,
      "campaign": "Vercel April 2026 incident",
      "targetSectors": [
        "SaaS",
        "Cloud platforms",
        "Developer infrastructure"
      ],
      "targetRegions": [
        "Global"
      ],
      "tags": [
        "threat-intel",
        "OAuth",
        "Google Workspace",
        "third-party risk",
        "supply chain",
        "identity",
        "Vercel"
      ],
      "date": "2026-04-30T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/vercel-oauth-supply-chain-april-2026",
      "hasArtifacts": false,
      "artifactsUrl": null
    },
    {
      "slug": "ai-agent-confused-deputy-pattern",
      "title": "The AI agent as confused deputy: a 2026 attack class",
      "description": "Four recent CVEs reveal the AI agent as confused deputy: privileged process, attacker-controlled input. The class named, mapped, and defended against.",
      "type": "analysis",
      "cve": null,
      "cvss": null,
      "product": null,
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "AI agents",
        "confused deputy",
        "threat modeling",
        "capability security",
        "isolation",
        "security architecture"
      ],
      "date": "2026-04-29T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/ai-agent-confused-deputy-pattern",
      "hasArtifacts": false,
      "artifactsUrl": null
    },
    {
      "slug": "ai-ide-marketplace-security-telemetry",
      "title": "Where AI-IDE threats actually live: telemetry beyond the dark web",
      "description": "Dark-web sweeps come up empty for AI-IDE threats — but the threat exists. It's on the legitimate marketplace. Where to look and what to alert on.",
      "type": "analysis",
      "cve": null,
      "cvss": null,
      "product": null,
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "AI IDE",
        "Cursor",
        "VS Code",
        "OpenVSX",
        "supply chain",
        "detection engineering"
      ],
      "date": "2026-04-29T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/ai-ide-marketplace-security-telemetry",
      "hasArtifacts": false,
      "artifactsUrl": null
    },
    {
      "slug": "ai-coding-agent-cves-patch-priority",
      "title": "Four AI-coding-agent-stack CVEs you should patch first",
      "description": "A short cluster of CVEs has hit the runtime stack AI coding agents rely on — npm install, Docker, LangChain, model loaders. Patch order and structural fixes.",
      "type": "analysis",
      "cve": null,
      "cvss": null,
      "product": null,
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "AI agents",
        "AI supply chain",
        "Docker",
        "npm",
        "LangChain",
        "RCE",
        "patching"
      ],
      "date": "2026-04-29T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/ai-coding-agent-cves-patch-priority",
      "hasArtifacts": false,
      "artifactsUrl": null
    },
    {
      "slug": "copyfail-time-to-criminalization-seven-days",
      "title": "CopyFail crossed onto a carding forum in seven days. Here's why that matters.",
      "description": "CVE-2026-31431 was disclosed on April 22. By April 30 it was an active thread on a carding forum's Exploits section. The seven-day crossing tells you which Linux LPE class the criminal market actually buys.",
      "type": "analysis",
      "cve": null,
      "cvss": null,
      "product": null,
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "threat intelligence",
        "Linux LPE",
        "dark web",
        "criminal markets",
        "CVE-2026-31431",
        "patch prioritization"
      ],
      "date": "2026-04-29T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/copyfail-time-to-criminalization-seven-days",
      "hasArtifacts": false,
      "artifactsUrl": null
    },
    {
      "slug": "cve-2026-31431-copyfail-linux-page-cache-lpe",
      "title": "CVE-2026-31431: Copy Fail — four bytes into the Linux page cache for root",
      "description": "A 2017 algif_aead in-place optimization lets an unprivileged user write four controlled bytes into the page cache of any readable file. 732-byte exploit, no race condition, every Linux distribution since 2017 — including across containers.",
      "type": "cve",
      "cve": "CVE-2026-31431",
      "cvss": 7.8,
      "product": "Linux kernel — algif_aead (AF_ALG cryptographic socket)",
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "Linux kernel",
        "LPE",
        "page cache",
        "AF_ALG",
        "container escape",
        "Dirty Pipe"
      ],
      "date": "2026-04-29T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/cve-2026-31431-copyfail-linux-page-cache-lpe",
      "hasArtifacts": false,
      "artifactsUrl": null
    },
    {
      "slug": "cve-2026-2091-linux-io-uring-race-lpe",
      "title": "CVE-2026-2091: io_uring race turns any local user into root",
      "description": "A TOCTOU race in the Linux io_uring fixed-file-table cleanup path lets any unprivileged user trigger a use-after-free on the task credentials struct, leading to root. Working PoC public. CVSS 7.8. Patched in 6.8.9, 6.7.11, 6.6.28 LTS.",
      "type": "cve",
      "cve": "CVE-2026-2091",
      "cvss": 7.8,
      "product": "Linux kernel (io_uring subsystem)",
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "Linux",
        "kernel",
        "io_uring",
        "local privilege escalation",
        "race condition",
        "use-after-free"
      ],
      "date": "2026-04-24T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/cve-2026-2091-linux-io-uring-race-lpe",
      "hasArtifacts": true,
      "artifactsUrl": "https://github.com/keepsecure-labs/artifacts/tree/main/cve-2026-2091-linux-io-uring-race-lpe"
    },
    {
      "slug": "cve-2026-34567-vmware-vcenter-unauth-rce-ssrf-chain",
      "title": "CVE-2026-34567: Unauthenticated vCenter RCE via SSRF-to-JMX chain",
      "description": "A pre-auth SSRF in vCenter's vROps plugin lets an attacker reach the internal ActiveMQ JMX broker and trigger deserialization RCE as the vpxd service account. CVSS 9.6. Patched in 8.0 U3c, 7.0 U3r. Exploitation observed in the wild.",
      "type": "cve",
      "cve": "CVE-2026-34567",
      "cvss": 9.6,
      "product": "VMware vCenter Server 7.x and 8.x",
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "VMware",
        "vCenter",
        "SSRF",
        "JMX",
        "deserialization",
        "unauthenticated RCE",
        "ransomware target"
      ],
      "date": "2026-04-24T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/cve-2026-34567-vmware-vcenter-unauth-rce-ssrf-chain",
      "hasArtifacts": true,
      "artifactsUrl": "https://github.com/keepsecure-labs/artifacts/tree/main/cve-2026-34567-vmware-vcenter-unauth-rce-ssrf-chain"
    },
    {
      "slug": "cve-2026-40815-kubernetes-admission-webhook-privesc",
      "title": "CVE-2026-40815: Kubernetes admission-webhook bypass hands over cluster-admin",
      "description": "A bug in kube-apiserver's webhook resolution lets a low-privilege user register a MutatingWebhookConfiguration that forges admission responses, bypassing RBAC and yielding cluster-admin. CVSS 9.0. Patched in 1.29.14, 1.30.10, 1.31.6.",
      "type": "cve",
      "cve": "CVE-2026-40815",
      "cvss": 9,
      "product": "Kubernetes (kube-apiserver)",
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "Kubernetes",
        "admission controller",
        "privilege escalation",
        "cluster-admin",
        "cloud-native",
        "RBAC bypass"
      ],
      "date": "2026-04-24T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/cve-2026-40815-kubernetes-admission-webhook-privesc",
      "hasArtifacts": true,
      "artifactsUrl": "https://github.com/keepsecure-labs/artifacts/tree/main/cve-2026-40815-kubernetes-admission-webhook-privesc"
    },
    {
      "slug": "cve-2026-7733-langchain-python-repl-sandbox-escape",
      "title": "CVE-2026-7733: LangChain PythonREPL tool sandbox escape via __import__",
      "description": "A missing check in LangChain's PythonREPLTool lets attacker-controlled prompts reach arbitrary `__import__` calls, breaking the documented sandbox. Any LangChain agent exposed to untrusted user input becomes a remote code execution surface. CVSS 9.6.",
      "type": "cve",
      "cve": "CVE-2026-7733",
      "cvss": 9.6,
      "product": "LangChain (PythonREPLTool, 0.1.x through 0.2.26)",
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "LangChain",
        "AI agents",
        "prompt injection",
        "sandbox escape",
        "Python",
        "AI tooling",
        "RCE"
      ],
      "date": "2026-04-24T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/cve-2026-7733-langchain-python-repl-sandbox-escape",
      "hasArtifacts": true,
      "artifactsUrl": "https://github.com/keepsecure-labs/artifacts/tree/main/cve-2026-7733-langchain-python-repl-sandbox-escape"
    },
    {
      "slug": "cve-2026-12091-npm-postinstall-maintainer-takeover",
      "title": "CVE-2026-12091: npm postinstall supply-chain hijack via maintainer-account takeover",
      "description": "Compromised versions of five widely installed npm packages (combined 38M weekly downloads) were published after a maintainer 2FA bypass. Their postinstall hooks, which run on every npm install, exfiltrated env vars, SSH keys, and git credentials. CVSS 8.8.",
      "type": "cve",
      "cve": "CVE-2026-12091",
      "cvss": 8.8,
      "product": "npm registry ecosystem (5 affected packages)",
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "npm",
        "supply chain",
        "postinstall",
        "maintainer account takeover",
        "credential exfiltration",
        "developer environment"
      ],
      "date": "2026-04-23T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/cve-2026-12091-npm-postinstall-maintainer-takeover",
      "hasArtifacts": true,
      "artifactsUrl": "https://github.com/keepsecure-labs/artifacts/tree/main/cve-2026-12091-npm-postinstall-maintainer-takeover"
    },
    {
      "slug": "cve-2026-51893-gitlab-saml-deserialization-rce",
      "title": "CVE-2026-51893: GitLab SAML deserialization yields unauth RCE",
      "description": "GitLab EE deserializes SAML AttributeStatement attributes before signature validation on a subset of code paths. A crafted SAML response containing a YAML-tagged attribute object runs code as the GitLab service account. Unauthenticated, CVSS 9.8.",
      "type": "cve",
      "cve": "CVE-2026-51893",
      "cvss": 9.8,
      "product": "GitLab EE (SAML SSO, 16.8 through 17.1.2)",
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "GitLab",
        "SAML",
        "SSO",
        "deserialization",
        "unauthenticated RCE",
        "management plane",
        "source-code exfiltration"
      ],
      "date": "2026-04-23T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/cve-2026-51893-gitlab-saml-deserialization-rce",
      "hasArtifacts": true,
      "artifactsUrl": "https://github.com/keepsecure-labs/artifacts/tree/main/cve-2026-51893-gitlab-saml-deserialization-rce"
    },
    {
      "slug": "cve-2026-27701-livecode-github-actions-js-injection",
      "title": "CVE-2026-27701: JavaScript injection via PR title in LiveCode's GitHub Actions",
      "description": "A LiveCode GitHub Actions workflow interpolates PR titles directly into a JavaScript block. A crafted title runs attacker code in the workflow runner with the repository's secrets in scope.",
      "type": "cve",
      "cve": "CVE-2026-27701",
      "cvss": 8.9,
      "product": "LiveCode GitHub Actions workflow",
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "GitHub Actions",
        "CI/CD",
        "JavaScript injection",
        "supply chain",
        "workflow runner"
      ],
      "date": "2026-04-22T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/cve-2026-27701-livecode-github-actions-js-injection",
      "hasArtifacts": true,
      "artifactsUrl": "https://github.com/keepsecure-labs/artifacts/tree/main/cve-2026-27701-livecode-github-actions-js-injection"
    },
    {
      "slug": "cve-2026-33824-windows-ike-unauth-rce",
      "title": "CVE-2026-33824: Unauthenticated RCE in Windows IKE — patch now",
      "description": "The headline CVE in Microsoft's April 2026 Patch Tuesday is a CVSS 9.8 unauthenticated RCE in the Windows IKE Service Extensions. Any host with IPsec exposed is a wormable target.",
      "type": "cve",
      "cve": "CVE-2026-33824",
      "cvss": 9.8,
      "product": "Windows (IKE Service Extensions)",
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "Windows",
        "IPsec",
        "IKE",
        "RCE",
        "pre-auth",
        "wormable"
      ],
      "date": "2026-04-22T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/cve-2026-33824-windows-ike-unauth-rce",
      "hasArtifacts": true,
      "artifactsUrl": "https://github.com/keepsecure-labs/artifacts/tree/main/cve-2026-33824-windows-ike-unauth-rce"
    },
    {
      "slug": "cve-2026-34040-docker-auth-bypass-ai-agent-takeover",
      "title": "CVE-2026-34040: Docker auth bypass turns AI coding agents into a cloud-takeover path",
      "description": "An incomplete fix for CVE-2024-41110 lets attackers bypass Docker's authorization plugins. The exploitation path that makes it 2026-specific: a crafted GitHub repository tricks an AI coding agent in a Docker sandbox into taking over the cloud account and Kubernetes clusters the agent can reach.",
      "type": "cve",
      "cve": "CVE-2026-34040",
      "cvss": 8.8,
      "product": "Docker Engine",
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "Docker",
        "auth bypass",
        "AI agents",
        "AI supply chain",
        "cloud takeover",
        "container security"
      ],
      "date": "2026-04-22T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/cve-2026-34040-docker-auth-bypass-ai-agent-takeover",
      "hasArtifacts": true,
      "artifactsUrl": "https://github.com/keepsecure-labs/artifacts/tree/main/cve-2026-34040-docker-auth-bypass-ai-agent-takeover"
    },
    {
      "slug": "cve-2026-35616-forticlient-ems-auth-bypass",
      "title": "CVE-2026-35616: Pre-auth API bypass in FortiClient EMS — CISA KEV",
      "description": "FortiClient Endpoint Management Server exposes an authentication bypass (CVSS 9.1) that yields privilege escalation on the management plane for an entire endpoint fleet. CISA added it to the Known Exploited Vulnerabilities catalog on April 6, 2026.",
      "type": "cve",
      "cve": "CVE-2026-35616",
      "cvss": 9.1,
      "product": "FortiClient EMS",
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "FortiClient",
        "EMS",
        "auth bypass",
        "privilege escalation",
        "management plane"
      ],
      "date": "2026-04-22T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/cve-2026-35616-forticlient-ems-auth-bypass",
      "hasArtifacts": true,
      "artifactsUrl": "https://github.com/keepsecure-labs/artifacts/tree/main/cve-2026-35616-forticlient-ems-auth-bypass"
    },
    {
      "slug": "cve-2026-33825-windows-defender-bluehammer",
      "title": "CVE-2026-33825 'BlueHammer': local privesc in Windows Defender",
      "description": "A race condition in Windows Defender's threat remediation engine (CVSS 7.8) lets a local attacker escalate to SYSTEM. Publicly disclosed April 7, 2026 alongside a working proof-of-concept.",
      "type": "cve",
      "cve": "CVE-2026-33825",
      "cvss": 7.8,
      "product": "Windows Defender",
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "Windows Defender",
        "local privilege escalation",
        "race condition",
        "BlueHammer",
        "endpoint security"
      ],
      "date": "2026-04-22T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/cve-2026-33825-windows-defender-bluehammer",
      "hasArtifacts": true,
      "artifactsUrl": "https://github.com/keepsecure-labs/artifacts/tree/main/cve-2026-33825-windows-defender-bluehammer"
    },
    {
      "slug": "cve-2026-39987-marimo-rce-exploited-in-10-hours",
      "title": "CVE-2026-39987: Pre-auth RCE in Marimo exploited within 10 hours",
      "description": "A pre-authenticated remote code execution flaw in the Marimo Python notebook (CVSS 9.3) was weaponized and actively exploited within ten hours of public disclosure. Here's what happened and how to respond.",
      "type": "cve",
      "cve": "CVE-2026-39987",
      "cvss": 9.3,
      "product": "Marimo",
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "Marimo",
        "Python notebook",
        "pre-auth RCE",
        "AI tooling",
        "MLOps",
        "exploited in the wild"
      ],
      "date": "2026-04-22T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/cve-2026-39987-marimo-rce-exploited-in-10-hours",
      "hasArtifacts": true,
      "artifactsUrl": "https://github.com/keepsecure-labs/artifacts/tree/main/cve-2026-39987-marimo-rce-exploited-in-10-hours"
    },
    {
      "slug": "cve-2026-33032-nginx-ui-auth-bypass-mcpwn",
      "title": "CVE-2026-33032: Authentication bypass in nginx-ui exposes 2,600+ servers to takeover",
      "description": "A critical authentication bypass in nginx-ui (CVSS 9.8) — dubbed 'MCPwn' by researchers — enables full takeover of the underlying Nginx service and the host it runs on. Over 2,600 exposed instances have been identified.",
      "type": "cve",
      "cve": "CVE-2026-33032",
      "cvss": 9.8,
      "product": "nginx-ui",
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "nginx-ui",
        "auth bypass",
        "management plane",
        "unauthenticated RCE",
        "MCPwn"
      ],
      "date": "2026-04-22T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/cve-2026-33032-nginx-ui-auth-bypass-mcpwn",
      "hasArtifacts": true,
      "artifactsUrl": "https://github.com/keepsecure-labs/artifacts/tree/main/cve-2026-33032-nginx-ui-auth-bypass-mcpwn"
    },
    {
      "slug": "cve-2026-5281-chrome-dawn-webgpu-zero-day",
      "title": "CVE-2026-5281: Chrome zero-day in Dawn/WebGPU under active exploitation",
      "description": "A high-severity use-after-free in Chrome's Dawn WebGPU implementation is being exploited in the wild. CISA added CVE-2026-5281 to the Known Exploited Vulnerabilities catalog on April 1, 2026.",
      "type": "cve",
      "cve": "CVE-2026-5281",
      "cvss": 8.8,
      "product": "Google Chrome (Dawn / WebGPU)",
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "Chrome",
        "WebGPU",
        "Dawn",
        "use-after-free",
        "browser zero-day",
        "Electron"
      ],
      "date": "2026-04-22T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/cve-2026-5281-chrome-dawn-webgpu-zero-day",
      "hasArtifacts": true,
      "artifactsUrl": "https://github.com/keepsecure-labs/artifacts/tree/main/cve-2026-5281-chrome-dawn-webgpu-zero-day"
    },
    {
      "slug": "cve-2026-5760-sglang-rce-via-malicious-gguf-models",
      "title": "CVE-2026-5760: RCE via malicious GGUF model files in SGLang",
      "description": "A CVSS 9.8 vulnerability in SGLang lets an attacker achieve remote code execution by crafting a malicious GGUF model file. The trust boundary has moved from 'downloaded binary' to 'downloaded weights'.",
      "type": "cve",
      "cve": "CVE-2026-5760",
      "cvss": 9.8,
      "product": "SGLang",
      "actors": null,
      "campaign": null,
      "targetSectors": null,
      "targetRegions": null,
      "tags": [
        "SGLang",
        "GGUF",
        "malicious model",
        "AI supply chain",
        "LLM serving",
        "ML inference"
      ],
      "date": "2026-04-22T00:00:00.000Z",
      "hubUrl": "https://keepsecure.io/hub/cve-2026-5760-sglang-rce-via-malicious-gguf-models",
      "hasArtifacts": true,
      "artifactsUrl": "https://github.com/keepsecure-labs/artifacts/tree/main/cve-2026-5760-sglang-rce-via-malicious-gguf-models"
    }
  ]
}