Expert perspectives on application security, compliance, and emerging threats
IncidentWhat Happened A recent campaign by the North Korean threat actor group Famous Chollima involved the publication of 26 malicious packages to the npm registry. These packages deployed a cross-platform r
IncidentThe Surge in API Attacks In the first half of 2025, small and medium-sized businesses (SMBs) faced over 1.45 billion attacks, with API-targeted exploits increasing 74 times compared to previous period
IncidentWhat Happened In late 2024, Truffle Security discovered 2,863 live Google Cloud API keys exposed in public repositories. These weren t stolen credentials or phishing victims—they were legitimate billi
IncidentAI s Impact on Vulnerability Discovery In a 90-day period, an AI agent named XBOW submitted over 1,060 valid vulnerabilities to bug bounty programs, surpassing the combined efforts of thousands of hum
Get weekly security insights and compliance updates delivered to your inbox.
IncidentWhat Happened In October 2024, security researchers at Zenity discovered a zero-click vulnerability in Perplexity s Comet AI browser. The flaw, named PerplexedComet, allowed attackers to inject malici
IncidentWhat Happened Truffle Security discovered nearly 3,000 Google Cloud API keys embedded in publicly accessible client-side code. These keys provided unauthorized access to Google s Gemini API endpoints,
IncidentWhat Happened A threat actor compromised the Cline CLI package on npm and modified it to silently install OpenClaw—an AI coding agent—on developer machines without consent. The malicious version was l
