News

Application security news, updated daily (if there is any news to share).

OpenLIT patches critical GitHub Actions workflow issue that could expose secrets (CVE-2026-27941)

OpenLIT disclosed and fixed a critical GitHub Actions workflow flaw where `pull_request_target` could execute untrusted fork code with privileged tokens and secrets exposed.

CI/CD SecurityGitHub ActionsSupply Chain

26 Feb 2026

F5 Labs: Cline CLI 2.3.0 npm token compromise used postinstall to install OpenClaw on developer systems

F5 Labs reports a supply-chain compromise of Cline CLI 2.3.0 via a stolen npm token, installing OpenClaw and highlighting GitHub Actions cache-poisoning and prompt-injection risks.

Supply ChainCI/CD SecurityAI Security

25 Feb 2026

Jenkins advisory fixes High-severity stored XSS in node "mark temporarily offline" description

Jenkins published a security advisory fixing a High-severity stored XSS in core that can be abused by users with node configuration/disconnect permissions; update is available.

NewsCI/CD SecurityWeb Security

18 Feb 2026

Loading news…