Expert perspectives on application security, compliance, and emerging threats
IncidentWhat Happened Security researchers Mario Stathako and colleagues found that npm s package aliasing feature—intended to let developers install packages under different names—creates a new risk for depe
IncidentThe Threat of IDE Extensions Snyk s security research team discovered remote code execution vulnerabilities in Visual Studio Code extensions available through the official marketplace. A significant e
IncidentWhat Happened Elastic Security Labs has introduced the CI/CD Abuse Detector, an open-source prototype that employs a large language model (LLM) to scan pipeline changes for suspicious activity before
GeneralScope - What This Guide Covers This guide addresses the challenge of detecting compromised AI agents in production environments. You ll find specific runtime signals to monitor, implementation pattern
Get weekly security insights and compliance updates delivered to your inbox.
GuidesYour logging infrastructure was built for humans clicking buttons. Now you have AI agents making API calls, and your auditor wants to know who authorized what. This template provides a structured audi
IncidentWhat Happened An authenticated administrator in SuiteCRM could execute arbitrary OS commands through a PHAR deserialization vulnerability. The attack involved uploading a specially crafted PHAR file t
IncidentWhat Happened On February 9, 2021, security researcher Alex Birsan disclosed a dependency confusion attack that compromised build systems at 35 organizations, including major technology companies. The
IncidentWhat Happened On December 9, 2021, security researchers disclosed CVE-2021-44228 , a remote code execution vulnerability in Apache Log4j 2. Known as Log4Shell, it received a CVSS score of 10, indicati
IncidentWhat Happened On December 10, 2021, a critical remote code execution vulnerability in Apache Log4j, identified as CVE-2021-44228, received a CVSS score of 10—the highest severity rating. Known as Log4
GeneralYou ve added Jackson to your project, configured your ObjectMapper, and moved on. The library works, your tests pass, and JSON flows through your API without issue. But security engineers keep finding
IncidentWhat Happened The Federal Trade Commission (FTC) issued a public warning to companies: if you fail to protect consumer data from exposure due to Log4j vulnerabilities, they will pursue legal action. T
IncidentOn January 9, 2022, developers worldwide faced a sudden disruption: their builds were broken. This wasn t due to a zero-day exploit or a sophisticated supply chain attack, but rather a maintainer inte
IncidentOn December 28, 2021, the Apache Log4j team released version 2.17.1 to patch CVE-2021-44832, a remote code execution vulnerability with a CVSS score of 6.6. The technical details are less critical tha
IncidentWhat Happened On December 10, 2021, the Apache Log4j team disclosed CVE-2021-44832 , a remote code execution vulnerability in a widely used Java logging library. Attackers could exploit this by sendin
IncidentWhat Happened On December 18, 2021, Apache disclosed CVE-2021-45105 , a high-severity Denial of Service vulnerability in Log4j version 2.16 — the version released just days earlier to fix CVE-2021-450
IncidentWhat Happened On December 14, 2021, Apache released Log4j version 2.15.0 to address CVE-2021-44228 , the Log4Shell vulnerability. Security teams worldwide rushed to deploy the patch. However, three da
