Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A new Linux kernel LPE disclosed by Theori/Xint lets any unprivileged local user become root with a 732-byte Python script. Works first try, no race, no per-kernel offsets. CVSS 7.8 (High), effectively critical for shared-kernel and multi-tenant environments.

This post covers a supply chain attack introducing a capability not seen before: using an AI coding assistant’s own GitHub access to commit malicious code to a corporate repository.

Part 1 covered CanisterWorm, the self-spreading npm worm. Part 2 covered the malicious LiteLLM package. Part 3 covered the telnyx WAV steganography attack. Part 4 covered the xinference AI inference attack. This post covers: a compromised @bitwarden/cli package that combines a self-propagating npm worm, a GitHub Actions secrets dumper, and a novel AI assistant poisoning technique.

Part 1 covered CanisterWorm. Part 2 covered the malicious LiteLLM package. Part 3 covered the Telnyx WAV steganography attack. This post covers the latest wave: three malicious versions of xinference on PyPI, carrying the same credential-stealing playbook and a plot twist. On April 22, 2026, Mend.io’s threat detection identified malicious versions of xinference on PyPI: 2.6.0, 2.6.1, and 2.6.2.

Why the next Log4Shell will be won or lost in the first 72 hours—and what a modern zero‑day workflow looks like. Every security team remembers where they were when Log4Shell dropped. A quiet Friday afternoon in December 2021 turned into a weekend of war rooms, emergency patches, and executive updates. Years on, the Log4j fallout still shows up in breach reports—a stubborn reminder that zero‑days don’t end when the news cycle does.

SAST, or Static Application Security Testing, is a method of analyzing source code to find vulnerabilities before the application is deployed. It's a type of white box testing that scans the code without executing it, looking for weaknesses that could be exploited. SAST helps developers identify and fix security issues early in the Software Development Life Cycle (SDLC), potentially reducing costs and improving the overall security posture of the application.