npm 12 Tightens Security with Disabled Install Scripts
GitHub's latest npm update disables install scripts by default to reduce supply chain risks. The release also deprecates granular access tokens that could bypass 2FA.
Read moreSecurity insights, vulnerability roundups, and updates from the Agent Breach team.
One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.
GitHub's latest npm update disables install scripts by default to reduce supply chain risks. The release also deprecates granular access tokens that could bypass 2FA.
Read moreMicrosoft uncovers GigaWiper, a multi-purpose Windows backdoor that bundles disk wiping, fake ransomware, and spyware capabilities. Security teams should monitor for its modular attack patterns.
Read moreAttackers are using aged GitHub accounts to map corporate organizations without detection. These ghost accounts enable persistent reconnaissance through GitHub's API.
Read moreMultiple high-severity flaws in curl affect various Ubuntu LTS versions, potentially leading to credential exposure, unauthorized access, and denial of service.
Read moreSeveral high-risk flaws in libheif could allow attackers to trigger denial of service or access sensitive data. These issues affect image parsing and memory handling in Ubuntu 26.04 LTS.
Read moreA critical flaw in Ubuntu's mailcap package allows attackers to bypass sandbox restrictions. This vulnerability could lead to arbitrary code execution on host systems.
Read moreThreat actor 'Lurking Lizard' has been running a malicious proxy service using fake software installers since 2022. Over 230 domains were used to distribute malware disguised as legitimate applications.
Read moreSix popular AI coding tools are vulnerable to symlink-based attacks that can lead to remote code execution. These flaws allow malicious repositories to gain unauthorized access to developers' systems.
Read moreSecurity researchers demonstrate how AI agents designed to detect vulnerabilities can be manipulated into running malicious code. The 'Friendly Fire' attack targets autonomous AI systems like Claude Code and Codex.
Read moreMeta's new Muse Image AI tool allows users to generate content using public Instagram photos without explicit consent. The feature is enabled by default, sparking privacy and security discussions.
Read more