Hole in widely-used FFmpeg codec could crash media servers or enable RCE

A newly discovered critical vulnerability in the FFmpeg media processing framework bundled in a huge number of open source and commercial applications points, again, to the need for CSOs to have strategies to deal with software supply chain vulnerabilities, which should include demanding a software bill of materials for all products.

Found by researchers at JFrog, the hole (CVE-2026-8461) is a…

OpenAI rolls out AI-led push to fix open-source software flaws

OpenAI has launched a program with cybersecurity firm Trail of Bits to use AI to find and fix vulnerabilities in widely used open-source software, as enterprises face growing risks from flaws buried deep in their software supply chains.

The initiative, called Patch the Planet, uses AI-assisted vulnerability research alongside human review to help turn security findings into tested fixes that can…

Oracle’s first monthly patch release fixes 35 flaws, including 11 rated ‘critical’

Oracle has released the first security fixes in its new monthly Critical Security Patch Update (CSPU) cycle, designed to address urgent vulnerabilities that can’t wait for the company’s quarterly patching. The initial batch addresses 35 flaws, including several for which exploit code is publicly available.

In total, there are 11 flaws rated ‘critical’, 18 rated ‘high’, and 6 ‘medium’. The most…

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects

A newly discovered and so far unpatched critical vulnerability in the open source Gogs Git service not only demands immediate action from developers to secure their code, it also puts a spotlight on the potential issues in using self-hosted code platforms from small maintainers.

The hole is a critical argument injection vulnerability, discovered by a researcher at Rapid7, that allows any…
