Vulnerability research and advisories

Actionable writeups with exploit context, metadata, and practical remediation details.

art-template npm compromise delivered a Coruna-like iOS exploit kit

Compromised npm releases of art-template appended browser-side script loaders to lib/template-web.js, sending downstream site visitors through hidden iframes into a Safari/iOS exploit delivery framework instead of only stealing developer secrets at install time.

May 22, 2026 • critical
CWE-506, CVE-2024-23222

CVE-2025-34291: Langflow CORS and refresh-token chain reaches RCE

CISA added CVE-2025-34291 to KEV after exploitation of a Langflow chain where wildcard credentialed CORS and a SameSite=None refresh-token cookie let a malicious webpage mint API tokens and reach authenticated code-execution endpoints.

May 22, 2026 • critical
CWE-346, CVE-2025-34291

CVE-2026-46333: Linux ptrace race leaks privileged file descriptors

CVE-2026-46333 is a Linux kernel ptrace authorization flaw where pidfd_getfd can race a dying privileged process after it drops credentials, duplicating sensitive file descriptors such as /etc/shadow, SSH host keys, or authenticated system D-Bus sockets.

May 22, 2026 • high
CWE-269, CVE-2026-46333

NVIDIA TensorRT-LLM deserialization flaws expose distributed inference control paths

CVE-2025-33255 and CVE-2026-24142 affect NVIDIA TensorRT-LLM before 1.2, where unsafe deserialization in MPI and serialized weight-handle paths could turn crafted control-plane data into code execution, data tampering, information disclosure, or denial of service.

May 21, 2026 • critical
CWE-502, CVE-2025-33255, CVE-2026-24142

GitHub breached through a poisoned VS Code extension: 3,800 internal repositories stolen

TeamPCP exploited a cascading supply chain attack from TanStack to Nx Console to a GitHub employee workstation to exfiltrate approximately 3,800 private GitHub repositories containing infrastructure configs, deployment scripts, staging credentials, and internal API schemas.

May 21, 2026 • critical
CWE-506, CWE-200, CVE-2026-48027

Nx Console VS Code extension 18.95.0 shipped a developer credential stealer

A malicious 18.95.0 release of the Nx Console VS Code extension executed a hidden npx task on workspace activation, fetched an obfuscated Bun payload from a dangling nrwl/nx commit, harvested developer and cloud credentials, installed macOS persistence, and demonstrated the same auto-update path now tied to GitHub internal repository exposure.

May 20, 2026 • critical
CWE-506

shopsprint/decimal Go typosquat hides DNS TXT command backdoor

The typosquatted Go module github.com/shopsprint/decimal copied the popular shopspring/decimal API, then weaponized version 1.3.3 with an init() goroutine that polls DNS TXT records and executes returned commands.

May 20, 2026 • critical
CWE-506, CWE-78

CVE-2026-25244: WebdriverIO BrowserStack Service executes Git branch names in shell commands

WebdriverIO BrowserStack Service versions through 9.23.2 interpolate attacker-controlled Git branch names into execSync() calls during test orchestration smart selection, allowing command injection on CI runners and developer machines.

May 20, 2026 • critical
CWE-78, CVE-2026-25244

Mini Shai-Hulud npm worm hits AntV, echarts-for-react, and timeago.js

TeamPCP's Mini Shai-Hulud campaign expanded on May 19 with hundreds of malicious npm releases across the AntV data-visualization ecosystem and related packages including echarts-for-react, timeago.js, size-sensor, and jest-canvas-mock.

May 19, 2026 • critical
CWE-506

durabletask PyPI releases backdoored with multi-cloud credential stealer

Three malicious PyPI releases of Microsoft's durabletask Python SDK, versions 1.4.1 through 1.4.3, executed an import-time Linux dropper that fetched rope.pyz, harvested cloud and developer secrets, and attempted lateral movement through AWS SSM and Kubernetes.

May 19, 2026 • critical
CWE-506

Weekly Briefing - 19-05-2026

Corgea's weekly briefing for 12-19 May 2026 covers the durabletask PyPI compromise, the Mini Shai-Hulud expansion into AntV and related npm packages, the Nx Console extension compromise, WebdriverIO command injection, and other important supply-chain, kernel, and application-security research from the week.

May 19, 2026 • critical
CWE-506, CWE-78, CWE-123

Backdoored Cemu Linux release assets reused TeamPCP credential-stealer payload

Cemu v2.6 Linux GitHub release assets were deleted and re-uploaded with a Python zipapp payload tied to the TanStack and Mistral TeamPCP supply-chain campaign, exposing users who ran the AppImage or Ubuntu ZIP to credential theft and possible destructive behavior.

May 17, 2026 • high
CWE-506, CWE-494

Strapi advisory cluster exposes admin token oracle and content-builder SQL injection

Five Strapi advisories published in mid-May affect npm packages across the Strapi CMS stack, including a critical unauthenticated admin reset-token oracle in @strapi/strapi and a critical Content-Type Builder SQL injection in @strapi/content-type-builder and @strapi/plugin-content-type-builder.

May 17, 2026 • critical
CWE-22, CWE-89, CWE-200

MAL-2026-3744: node-ipc npm releases backdoored with DNS exfiltration stealer

Three npm releases of node-ipc, versions 9.1.6, 9.2.3, and 12.0.1, were published with an obfuscated CommonJS payload that steals developer and CI credentials and exfiltrates gzipped archives through DNS TXT queries.

May 15, 2026 • critical
CWE-506

Fragnesia: Linux ESP-in-TCP bug revives page-cache root escalation

CVE-2026-46300, nicknamed Fragnesia, is a new Linux kernel XFRM ESP-in-TCP local privilege escalation that lets unprivileged local attackers corrupt read-only file contents in page cache and execute a root shell from a patched-in-memory system binary.

May 14, 2026 • high
CWE-123, CVE-2026-46300

GemStuffer abuses RubyGems as a data-exfiltration channel

GemStuffer is a RubyGems registry-abuse campaign that published 155 junk package artifacts containing scraped UK council portal data, using hardcoded RubyGems API keys and valid .gem archives as a public data drop.

May 13, 2026 • medium
CWE-506, CWE-200

CVE-2026-41242: protobufjs can execute code from attacker-controlled schemas

protobufjs before 7.5.5 and 8.0.1 can turn schema metadata into executable JavaScript through unsafe runtime code generation, exposing Node.js services that load attacker-influenced protobuf definitions or JSON descriptors.

May 12, 2026 • high
CWE-94, CVE-2026-41242

Dirty Frag: Linux kernel ESP and RxRPC flaws enable local root escalation

Dirty Frag chains CVE-2026-43284 in Linux kernel ESP/IPsec handling with CVE-2026-43500 in RxRPC to turn local access into root on many Linux distributions, with public proof-of-concept code available before broad vendor patch coverage.

May 12, 2026 • high
CWE-123, CVE-2026-43284, CVE-2026-43500

Five malicious IR.* NuGet packages impersonate Chinese .NET libraries

A NuGet campaign published five IR.* packages under the bmrxntfj account, using functional .NET library wrappers plus a Reactor-protected infostealer to target browser credentials, SSH keys, cloud secrets, and crypto wallets across developer workstations and CI systems.

May 12, 2026 • critical
CWE-506

Mini Shai-Hulud Supply-Chain Worm Compromises TanStack, Mistral AI, UiPath, and 160+ npm Packages

TeamPCP launched a coordinated supply-chain attack against the npm and PyPI ecosystems, publishing 373 malicious package versions across 169 package names, including @tanstack/react-router, @mistralai/mistralai, and @uipath packages. TanStack's npm compromise is now tracked as CVE-2026-45321 after attackers used a misconfigured CI workflow, cache poisoning, and OIDC token theft to publish malware with trusted provenance.

May 12, 2026 • critical
CWE-506, CVE-2026-45321