Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer 
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code 
NSAuditor AI EE 0.15.3 Closes the 4th and Final S3 Public-Exposure Vector with Object-Level ACL Enumeration and a BucketOwnerEnforced Upstream Short-Circuit 
NSAuditor AI EE 0.15.x Cumulative — NEW Plugin 1222 Azure Key Vault Deep Auditor (27 → 28), Plus Audit-Accuracy Calibration and CloudTrail Hardening Across 0.15.0, 0.15.1, and 0.15.2 
Malicious npm Package Stole Files From Claude AI User Directory via GitHub 
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
What's new: OpenAI reported that two employee devices were compromised in a supply chain attack targeting TanStack. The attack involved...
NSAuditor AI EE 0.5.1 Ships SQS/SNS Auditor v2 — CloudWatch Alarm Coverage on ApproximateAgeOfOldestMessage + NumberOfNotificationsFailed; R-CRITICAL Empty-AlarmActions Silent-PASS Closure
What's new: Nsasoft US LLC has shipped NSAuditor AI Enterprise Edition 0.5.1 — a patch-level extension in the v0.5.x line...
NSAuditor AI EE 0.5.0 Ships SES Email Integrity Auditor v2 — DKIM CNAME DNS Resolution + DMARC TXT Parser + SES Classic API Parity; First Network-Layer Cross-Reference in the EE Evidence Baseline
What's new: Nsasoft US LLC has shipped NSAuditor AI Enterprise Edition 0.5.0 — the minor-version milestone bump from 0.4.x. The...
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
What's new: Grafana reported a breach where an unauthorized party accessed its GitHub environment using a compromised token, allowing them...
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
What's new: A critical vulnerability in NGINX, tracked as CVE-2026-42945, has been actively exploited in the wild. This heap buffer...