ClickUp Data Leak Exposes Enterprise Emails for Over a Year

A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security ...
Infosecurity Magazine

Cline Kanban Flaw Lets Websites Hijack AI Coding Agents

Cline is one of the most widely adopted open-source AI coding assistants, and its Kanban feature provides a web-based project ...

LinkDaddy LLC Launches AI Verified to Solve SME Knowledge Graph Exclusion

AI Verified gives any registered business the machine-readable identity AI systems need to find and cite them — solving the ...

Google May Expand Unsupported Robots.txt Rules List

Google may expand its unsupported robots.txt rules list using HTTP Archive data and could broaden how it handles common ...
The Caledonian-Record

Sound Group Inc. Files 2025 Annual Report on Form 20-F

Sound Group Inc. (“Sound Group” or the “Company”) (NASDAQ: SOGP), a global AI-powered audio company, today announced that it filed its annual report ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was created ...
The Caledonian-Record

17 Education & Technology Group Inc. Files Its Annual Report on Form 20-F

BEIJING, April 29, 2026 (GLOBE NEWSWIRE) -- (NASDAQ: YQ) (“17EdTech” or the “Company”), a leading education technology company in China, today announced that it ...

Nginx 1.30 changes default proxy behavior

ECH encrypts the TLS handshake, backends speak HTTP/2, and Multipath TCP uses multiple network paths in parallel.
The Hacker News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.

From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...

Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale

Aikido Security today launched Aikido Endpoint, a lightweight security agent that protects developer devices against software supply chain attacks by inspecting and blocking risky packages, IDE ...