Practical AI, webdev, and software signals for builders.
Latest useful updates from the open web: tools, releases, changelogs, WordPress, automation, AI coding, and small software signals worth noticing.
Updated from public feeds and lightly curated for practical builders. No hype feed. No voting. Just signals worth checking.
It is a small public signal board for Old Stack Journal. Items come from public feeds and sources, then get lightly curated so readers can spot useful AI, webdev, WordPress, tooling, automation, and software updates without wading through a noisy social feed.
Security signals.
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 15, 2026 to June 21, 2026)
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure…
NVD in the AI Era: The Case for Multi-Source Vulnerability Intelligence
NIST’s shift to risk-based enrichment makes one thing clear: modern security teams need more than a single public source. In the AI era, trusted vulnerability intelligence depends on multiple signals, human validation, and clear context.
A Note to Our Customers and Partners
A note to our customers and partners about Snyk's AI transformation and organizational changes.
When a vendor's breach becomes yours: lessons from the Klue incident
A forgotten credential at vendor Klue let attackers reach customers' Salesforce data. How modern SaaS breaches cascade, and the keys you should audit.
Announcing Agentic Development Security (ADS)
Announcing Snyk Agentic Development Security, a new Evo solution that helps organizations securely adopt AI-driven development with visibility, governance, and control.
The New Security Control Point: Governing AI Agents Inside the Execution Loop
AI agents introduce security risk through the actions they take, not just the code they produce. Learn how agent behavior governance helps teams observe, steer, and block risky actions in real time.
What nearly 10,000 developer environments reveal about agentic development risk
AI coding agents are adding a new layer to the software supply chain. Learn what Snyk found in nearly 10,000 developer environments and how to secure the tools, instructions, and permissions behind agentic development.
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 8, 2026 to June 14, 2026)
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure…
Critical Unauthenticated Arbitrary File Deletion Vulnerability Patched in Avada Builder WordPress Plugin
On May 13th, 2026, we received a submission for a critical Unauthenticated Arbitrary File Deletion vulnerability in Avada Builder, a premium WordPress plugin with an estimated 1,000,000 active installations. This vulnerability makes it possible for unauthenticated…
The full Snyk AI Security Platform, free for open source maintainers
Open source maintainers are drowning in real vulnerability reports and need help prioritizing, fixing, and shipping remediation faster. Snyk’s Secure Developer Program gives qualifying projects free access to the Snyk AI Security Platform.
Attackers Actively Exploiting Sensitive Information Exposure Vulnerability in Gravity SMTP Plugin
On March 30th, 2026, we publicly disclosed a Sensitive Information Exposure vulnerability in Gravity SMTP, a WordPress plugin with an estimated 100,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to retrieve detailed system…
A Day in the Life of an AI Engineer in Snyk's Lisbon Office
Explore a day in the life of an AI Engineer at Snyk's Lisbon office. See what it's like building AI-powered security tools, collaborating globally, and enjoying the vibrant culture of Portugal's capital city.
A Forgotten Contributor Account Compromised the Entire Mastra npm Package Scope
A dormant contributor account was used to republish the entire @mastra npm scope, each injected with a single dependency, easy-day-js, that drops a cross-platform cryptocurrency stealer. Here is how the attack worked, how to check exposure,…
PSA: Supply Chain Compromise Targets ShapedPlugin, Backdoored Pro Plugins Distributed via Official Channels
The Wordfence Threat Intelligence Team was notified on June 11th, 2026 of a potential supply chain compromise affecting ShapedPlugin, a WordPress plugin vendor with over 400,000 active free plugin installations. Fortunately, Wordfence customers have already had…
The Government Just Banned an AI Model. An Engineer's Perspective.
A government order abruptly took down a powerful AI model, exposing a new kind of supply chain risk for engineering teams. Security leaders need contingency plans before the next model disappears.
When a Government Pulls an AI Model: What the Fable 5 and Mythos 5 Suspension Means for Security Teams
On June 12, 2026, a US export-control directive led Anthropic to disable Claude Fable 5 and Mythos 5 worldwide over a reported jailbreak. The reported trigger was a code-analysis capability that defenders use routinely. Here is…
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 1, 2026 to June 7, 2026)
Last week, there were 159 vulnerabilities disclosed in 140 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 96 Vulnerability Researchers that contributed to WordPress Security…
Critical Unauthenticated Authentication Bypass Vulnerability Patched in UpdraftPlus WordPress Plugin
On June 2nd, 2026, we received a submission for a critical Unauthenticated Authentication Bypass vulnerability in UpdraftPlus, a WordPress plugin with more than 3 million active installations. Although the plugin has such a large install base,…
Quarterly WordPress Threat Intelligence Report – Q1 2026
As the industry leader in WordPress security we have access to attack telemetry and vulnerability intelligence that no other security provider can compare to. We know exactly what vulnerabilities will become a target for threats, what…
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 25, 2026 to May 31, 2026)
Last week, there were 277 vulnerabilities disclosed in 184 WordPress Plugins and 70 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 94 Vulnerability Researchers that contributed to WordPress Security…
Type Level Security: The future of secure AI code generation?
Secure-by-design types can turn common bugs into compile-time errors. This post explores how type-level security could help prevent entire classes of AI-generated vulnerabilities.
So You Have an AI Security Budget. Now what?
An AI security budget should fund more than visibility. The real priority is unified governance and enforcement across agentic development and production apps.
Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp
A new npm worm is abusing binding.gyp to trigger node-gyp during install, letting malicious packages run code without lifecycle scripts. It steals credentials, persists in GitHub, and self-propagates across maintainers.
Attackers Actively Exploiting Critical Vulnerability in Everest Forms Pro Plugin
On March 30th, 2026, we publicly disclosed a critical Remote Code Execution vulnerability in Everest Forms Pro, a WordPress plugin with an estimated 4,000 active installations.
The New Security Risks of the Agentic Development Lifecycle
AI agents are changing how software gets built, and with it, where security risk begins. Learn why securing the process matters as much as securing the code.
Attackers Actively Exploiting Critical Vulnerability in Burst Statistics Plugin
On May 13th, 2026, we publicly disclosed a critical Authentication Bypass vulnerability in Burst Statistics, a WordPress plugin with 200,000 active installations. This vulnerability can be leveraged by unauthenticated attackers, with knowledge of an administrator username,…
Protestware by open source maintainer to hinder agentic coding: The jqwik 1.10.0 Prompt Injection
jqwik 1.10.0 added a hidden prompt injection aimed at AI coding agents, using terminal escape codes to conceal destructive instructions from humans while leaving them readable to logs and tools.
Unauthenticated Privilege Escalation Vulnerability Patched in Kirki WordPress Plugin
On May 4th, 2026, we received a submission for an Unauthenticated Privilege Escalation vulnerability in the Kirki WordPress plugin. Although the plugin has more than 500,000 active installations, we estimate that only around 150,000 sites are…