Gogs RCE Zero-Day: Check Open Registration
Rapid7 disclosed a critical unpatched Gogs RCE path. Check open registration, repository creation, and rebase merge settings now.
News desk
Security incidents, exploited vulnerabilities, breach reports, malware campaigns, and urgent patch notes arranged for fast daily scanning.
June 4, 2026
Malwarebytes found fake GitHub and SourceForge downloads impersonating ChatGPT, Claude, AutoTune, and other tools to deliver DinDoor and a Deno-based RAT.
CVE-2026-48095 is a 7-Zip NTFS handler heap overflow fixed in 7-Zip 26.01. Update from official sources and treat unexpected archives or renamed files cautiously.
Ubiquiti patched five UniFi OS vulnerabilities, including three CVSS 10 critical flaws. Check affected UniFi devices, fixed versions, and post-update steps.
Attackers are exploiting Ghost CMS CVE-2026-26980 to inject ClickFix loaders into trusted sites. Patch Ghost, rotate API keys, and treat fake verification prompts as…
npm CLI 11.15.0 adds staged publishing and new install-source controls. Here is what maintainers should enable, what CI should change, and what to check…
LiteSpeed says CVE-2026-48172 is being actively exploited in its user-end cPanel plugin. Hosts should update to WHM Plugin 5.3.1.0 or remove the user-end plugin…
A Packagist and GitHub supply-chain campaign used malicious postinstall hooks to fetch Linux malware from GitHub Releases. Check package.json, CI logs, and build tokens.
Laravel-Lang Composer packages were compromised through rewritten tags that run a PHP credential stealer as soon as Composer autoload is loaded.