Security Boulevard

Shai-Hulud: The Second Coming

While the September 2025 Shai-Hulud attack focused primarily on credential harvesting and self-propagation, this new variant ...

Years-old bugs in open source tool left every major cloud open to disruption

It's been around for 14 years, and at least one of the newly disclosed bugs, a path-traversal flaw now tracked as CVE 2025-12972, has left cloud environments vulnerable for more than 8 years, ...

Watch out coders - top code formatting sites are apparently exposing huge amounts of user data

People are willingly uploading secrets to JSONFormatter and CodeBeautify, where hackers can easily pick them up.
CSO Online

Fluent Bit vulnerabilities could enable full cloud takeover

Flaws in Fluent Bit could let attackers inject fake logs, reroute telemetry, and execute arbitrary code across cloud ...

Google may soon let Gemini read your NotebookLM files and answer related queries

NotebookLM integration that lets you import notebooks into chats and vice versa, promising a more seamless AI workflow.
The Hacker News

Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

Researchers uncovered 5GB of leaked credentials from JSONFormatter and CodeBeautify, exposing sensitive data across critical ...
Cryptopolitan on MSN

Over 80,000 sensitive password and key files leaked online

Researchers uncover more than 80,000 leaked passwords, keys, and sensitive files exposed on popular online code formatting ...

A weekend ‘vibe code’ hack by Andrej Karpathy quietly sketches the missing layer of enterprise AI orchestration

Andrej Karpathy’s weekend “vibe code” LLM Council project shows how a simple multi‑model AI hack can become a blueprint for ...

Shai-Hulud 2: New version of NPM worm also attacks low-code platforms

The attackers have learned from their mistakes and have now developed a more aggressive version of the worm. It has already ...