Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
IEEE

Evaluating Large Language Models for Line-Level Vulnerability Localization

Abstract: Recently, Automated Vulnerability Localization (AVL) has attracted growing attention, aiming to facilitate diagnosis by pinpointing the specific lines of code responsible for vulnerabilities ...
IEEE

VulKiller: Java Web Vulnerability Detection with Code Property Graph and Large Language Models

Abstract: In recent years, web application development has become more efficient, yet vulnerabilities still pose significant risks. Traditional static and dynamic detection techniques are prone to ...
The Hacker News

CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities ...
Bleeping Computer

CISA flags VMware Aria Operations RCE flaw as exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the ...
GitHub

Command Injection in Cloud Compliance Scanning in HummerRisk

Project: HummerRisk Repository: https://github.com/HummerRisk/HummerRisk Affected Version: <=1.5.0 Affected Component: Cloud compliance scanning module A critical ...
SecurityWeek

VMware Aria Operations Vulnerability Could Allow Remote Code Execution

Broadcom has released patches for several vulnerabilities affecting VMware Aria Operations, including high-severity flaws. The most important of the newly patched vulnerabilities based on CVSS score ...