Mastodawn

🔴 CVE-2026-34841 - Critical (9.8)

Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34841/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Show thread

threatchain 7h ago

@thehackerwire Supply chain attacks on dev tools are particularly nasty since they can sit undetected for months while developers unknowingly push compromised code to production. Makes you wonder how many other popular packages have similar time bombs waiting.