Recent news in security

Unpacking the AsyncAPI npm supply chain compromise and import-time payload delivery 
  

Unpacking the AsyncAPI npm supply chain compromise and import-time payload delivery 

Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This analysis breaks down the

  

CVE-2026-1609 | Red Hat Keycloak JWT Authorization Grant Processing improper authorization

A vulnerability categorized as problematic has been discovered in Red Hat Keycloak. Impacted is an unknown function of the component

  

CVE-2026-49353 | decolua 9router up to 0.4.45 Dashboard src/dashboardGuard.js isLocalRequest improper authentication

A vulnerability was found in decolua 9router up to 0.4.45 and classified as very critical. The affected element is the

Vendor

CERTs

Vulnerabilities