If left unpatched, the API flaw could let attackers bypass authentication, gain admin access, and steal company secrets.

Starting now we officially welcome your to nominate your top products, solutions and standout individuals.

All of the vulnerabilities should be remediated by federal agencies by Apr. 15, according to CISA.

Stealthier attacks have been facilitated by threat actors through the utilization of several strategically positioned internet-connected GEOBOX devices.

Top.gg GitHub organization, which is commonly leveraged for Discord servers, and other GitHub developers have been compromised in a new software supply chain attack campaign that involved browser cookie exfiltration and malicious PyPi package publication.

UNC5174, which is believed to be an ex-member of Chinese hacktivist groups Genesis Day and Dawn Calvary, leveraged a flaw, to compromise U.S. defense contractors, UK government organizations, and Asian entities.

Several AWS, Azure and Google Cloud domains were found to lack a key guardrail against XSS.

Simultaneously leveraging the developer platform's Copilot and CodeQL tools, GitHub's code-scanning autofix feature, which is still in beta, has been touted to address over two-thirds of discovered code bugs.