Another bug hunter leaks Microsoft exploits in defiance of company’s handling of ...

Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard ...

The Open Group、スコープ1・2・3排出量管理を効率化する「Open Footprint ...

June 2, 2026 18:51 UTC サンフランシスコ--(BUSINESS WIRE)-- (ビジネスワイヤ) -- ベンダーニュートラルな技術および標準化団体であるThe Open Groupは、組織によるスコープ1、2、3の排出量報告の効率化を支援する「Open Footprint® Standard, Edition 1.0」を公開したと発表しました。本標準は、3つのスコープすべて ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...