Expert perspectives on application security, compliance, and emerging threats
IncidentIncident Overview On April 22, attackers published a malicious version of the Bitwarden CLI package to npm. This compromised package was available for about 90 minutes before it was detected and remov
IncidentWhat Happened Between late March and early April 2025, attackers began exploiting CVE-2026-42945 , a critical vulnerability in NGINX that allows denial-of-service attacks and potential remote code exe
IncidentIncident Overview Attackers compromised the node-ipc npm package by exploiting an expired domain linked to a maintainer s account. They published malicious versions (11.0.0, 11.1.0, and 12.0.0) contai
IncidentWhat Happened On April 13, Microsoft rejected a security researcher s vulnerability report for Azure Backup for AKS (Azure Kubernetes Service). The researcher, Justin O Leary, identified a privilege e
Get weekly security insights and compliance updates delivered to your inbox.
IncidentOn May 14, 2026, three malicious versions of node-ipc—a package with millions of weekly downloads—were published to npm. These versions (9.1.6, 9.2.3, and 12.0.1) contained a credential-stealing paylo
IncidentWhat Happened TeamPCP compromised the Checkmarx Jenkins AST plugin in a second supply chain attack, using credentials obtained from an earlier breach. The attackers gained write access to the plugin s
IncidentWhat Happened SAP s May 2026 security updates addressed 15 vulnerabilities across its enterprise software portfolio. Two critical flaws stand out for their exploitability and potential impact: CVE-202
IncidentWhat Happened In early 2025, HackerOne paused its bug bounty program due to an overwhelming increase in vulnerability discoveries, driven by AI-assisted research. This wasn t a breach or technical fai
IncidentWhat Happened Cyera disclosed a critical heap out-of-bounds read vulnerability in Ollama, a popular open-source framework for running large language models locally. The flaw, tracked as CVE-2026-7482
IncidentWhat Happened On March 23, 2026, malicious artifacts were published through a compromised Checkmarx GitHub repository. Seven days later, on March 30, attackers exfiltrated data from systems that had c
IncidentOn April 8, attackers compromised DAEMON Tools distribution infrastructure and replaced legitimate installers with trojanized versions. The attack continued through at least mid-April, affecting versi
IncidentBetween April 8 and May 5, 2026, Windows users who downloaded DAEMON Tools from its official website unknowingly installed malware. AVB Disc Soft s legitimate installers were compromised to deliver QU
IncidentThe Overlooked Vulnerability Threat Your Software Composition Analysis (SCA) tool flags 47 vulnerabilities in your production dependencies. You patch them, and your dashboard shows green. But here s t
IncidentWhat Happened On January 8, 2025, researchers disclosed CVE-2026-33017 , a critical unauthenticated remote code execution vulnerability in Langflow, an open-source platform for building AI application
IncidentIncident Overview Versions 2.6.2 and 2.6.3 of the lightning package on PyPI were compromised with malicious code. An attacker exploited a stored API token to publish these versions without authorizati
IncidentThe Challenge of AI-Driven Vulnerability Discovery On April 7, Anthropic released Claude Mythos Preview, an AI system designed to identify security vulnerabilities at scale. This tool promised to scan
