Zero-Day Exploits, GitHub Actions Supply Chain Attacks, and OTP Auth Flaws

Zero-Day Exploits, GitHub Actions Supply Chain Attacks, and OTP Auth Flaws ...

martedì 26 maggio 2026 New tab

731 words~3 min read

Today's Highlights

This week's top security news features a critical zero-day actively exploited in KnowledgeDeliver LMS and widespread supply chain cache poisoning targeting open-source projects via GitHub Actions. Additionally, a detailed analysis reveals an OTP rate-limit bypass technique enabling account takeovers through leaked validity signals.

KnowledgeDeliver flaw exploited as a zero-day to install web shells (r/cybersecurity)

Source: https://reddit.com/r/cybersecurity/comments/1tojdsq/knowledgedeliver_flaw_exploited_as_a_zeroday_to/

Zero-Day Exploits, GitHub Actions Supply Chain Attacks, and OTP Auth Flaws

Zero-Day Exploits, GitHub Actions Supply Chain Attacks, and OTP Auth Flaws

Other newsrooms on this story

Related reading

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub…

Ongoing supply chain attacks worm into SAP npm packages

OpenAI caught in TanStack npm supply chain chaos after employee devices…

Security news weekly round-up - 22nd May 2026

GitHub Breach via VSCode Extension, ZTE Router CVE-2026-34472, & Public Repo…

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+…

Other newsrooms on this story

Related reading

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub…

Ongoing supply chain attacks worm into SAP npm packages

OpenAI caught in TanStack npm supply chain chaos after employee devices…

Security news weekly round-up - 22nd May 2026

GitHub Breach via VSCode Extension, ZTE Router CVE-2026-34472, & Public Repo…

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+…