Secure Bulletin Navigating the cyber sea with knowledge
Home > Tag > open source security
#open source security

25-Year-Old cURL Vulnerability Patched in Record-Breaking Security Release Fixing 18 CVEs

26 June 2026  |  dark6  |  Vulnerability

A critical authentication bypass flaw in cURL that had existed undetected for over 25 years has been patched in curl 8.21.0, released June 24, 2026. The release simultaneously...

>> read more

Supply Chain Attack Compromises 140+ Mastra npm Packages, Targeting Developer Credentials and Crypto Wallets

18 June 2026  |  dark6  |  Malware

A sophisticated supply chain attack has compromised over 141 packages in the Mastra-AI npm ecosystem, including @mastra/core which sees 918,000 weekly downloads. Detected on June 17, 2026, the...

>> read more

Malicious npm Package forge-jsxy Pushes 22 Versions in 22 Days to Steal Crypto Wallets and Deploy Persistent Backdoor

29 May 2026  |  dark6  |  Malware

The npm package forge-jsxy quietly stole cryptocurrency wallet keys, browser credentials, and developer data across Windows, macOS, and Linux — publishing 22 malicious versions in 22 days, and...

>> read more

Five Critical Redis Vulnerabilities Enable Remote Code Execution Across All Editions — Patch Now

10 May 2026  |  dark6  |  Vulnerability

Redis has disclosed five high-severity vulnerabilities (CVE-2026-23479, CVE-2026-25243, CVE-2026-25588, CVE-2026-25589, CVE-2026-23631) affecting Redis Cloud, Redis Software, and all open-source community editions. The flaws include use-after-free conditions and memory...

>> read more

Malicious npm Package js-logger-pack Turns Hugging Face Into Malware CDN and Data Exfiltration Backend

24 April 2026  |  dark6  |  Malware

JFrog Security researchers have uncovered a malicious npm package, js-logger-pack, that uses Hugging Face as both a malware delivery network and an exfiltration backend for stolen data. The...

>> read more