Incident: 5,561 Repos Compromised in Six Hours
An attacker pushed 5,718 malicious commits across 5,561 GitHub repositories in just six hours. This campaign, known as Megalodon, didn't rely on a zero-day or novel vulnerability. Instead, it exploite
Incident: What Happened: Between late 2024 and early 2025, TrendAI and CHT Security used an AI-driven static analysis system to scan WordPress plugins. This system uncovered over 300 critical zero-day vulnerabil
Incident: On January 15, 2025, GitHub disclosed that attackers accessed internal repositories and exfiltrated source code. Days later, Grafana Labs confirmed a similar breach. Both incidents traced back to a su
Incident: What Happened: Between May 15 and May 21, 2025, CISA added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation. CVE-2025-34291, an origin valid
Incident: What Happened: In December 2024, state-sponsored attackers exploited a PostgreSQL SQL injection zero-day to infiltrate the US Treasury. This vulnerability allowed them to bypass authentication controls
Incident: Overview of the Vulnerability: ChromaDB versions 1.0.0 through 1.5.8 have a critical vulnerability allowing unauthenticated remote code execution. The flaw, tracked as CVE-2026-45829, exploits a race c
Incident: An AI agent you deploy to automate customer support queries suddenly starts leaking API keys to an external server. Your incident response team traces it back to a helpful skill you installed three we
Incident: Introduction: Google's integration of CodeMender, an AI-powered vulnerability remediation agent, into the Gemini Enterprise Agent Platform marks a strategic shift in AI security governance. This move d
Incident: What Happened: CVE-2026-44575 allows attackers to bypass middleware-based authorization controls in Next.js App Router applications through manipulated request paths. The vulnerability affects Next.js
Incident: On May 18, 2026, GitHub disclosed a breach of its internal repositories. The attack vector: a trojanized VS Code extension called Nx Console, maintained by Narwhal Technologies. The compromised versio
Incident: What Happened: Attackers compromised the Nx Console VS Code extension and published a malicious version to the Visual Studio Marketplace. This version exfiltrated authentication tokens from developers
Incident: What Happened: Between late 2024 and early 2025, attackers compromised two versions of the npm package @common-stack/generate-plugin (9.0.2-alpha.21 and 9.0.2-alpha.22). The package, which sees over 1,
Incident: What Happened: Drupal recently released emergency security updates for six supported versions to patch CVE-2026-9082, a vulnerability that allows anonymous users to execute remote code on sites using
Incident: Equifax's Security Oversight: In 2017, Equifax suffered a massive data breach that exposed the personal information of 147 million people. The breach was due to an unpatched Apache Struts vulnerability
Incident: Overview of the Vulnerability: Drupal has released emergency patches for CVE-2026-9082, a critical SQL injection vulnerability affecting sites using PostgreSQL. This issue required coordinated patches
Incident: What Happened: On May 1, 2025, Grafana detected unauthorized access to its private GitHub repositories. The attacker exploited a single GitHub workflow token that should have been rotated weeks earlier