[Incident] phpBB's Ten-Year Auth Bypass: A Teardown
An authentication bypass vulnerability lingered in phpBB's codebase for a decade, allowing admin access through a specially crafted request. Aikido discovered the flaw on June 2nd, and phpBB released
Expert perspectives on application security, compliance, and emerging threats
[Incident] What Happened: On December 9, 2021, security researchers disclosed CVE-2021-44228, a critical remote code execution vulnerability in Log4j2, a widely used Java logging framework maintained by the Apac
[Incident] What Happened: Flare researchers discovered active listings for compromised developer credentials and access tokens on underground forums—weeks before these same credentials appeared in public supply-c
[General] The Conventional Wisdom: When your AI integration starts producing incorrect outputs, your team often relies on familiar tools: stack traces, breakpoints, and unit tests. You might add logging around t
[Incident] What Happened: A security evaluation using the StakeBench benchmark revealed that current AI web agents are vulnerable to prompt injection attacks across various deployment scenarios. Researchers teste
[Incident] What Happened: On or after June 11, an attacker compromised over 400 packages in the Arch User Repository (AUR) by exploiting a fundamental weakness in community-maintained package systems: abandonment
[Incident] What Happened: In January 2025, Check Point researcher Yarden Porat disclosed three vulnerabilities in LangGraph, a framework for building stateful AI agent workflows. The most severe, CVE-2025-67644 (
[Incident] What Happened: Between late 2023 and early 2024, three incidents highlighted a shift from opportunistic cyber attacks to professional service operations. SafeDep documented the Miasma supply chain atta
[Incident] What Happened: A remote code execution vulnerability was discovered in Celery, a widely-used Python distributed task queue. This flaw allowed attackers to execute arbitrary commands through object tra
[Incident] Your AI agent just forwarded AWS credentials to an attacker. The request came through a routine email contact. No exploit kit, no zero-day — just a text field the agent trusted implicitly. Two researc
[Incident] What Happened: Nothing broke. No breach occurred. No credentials leaked. That's the point. GitHub announced that npm version 12, releasing next month, will disable install scripts by default. This is a
[General] Your marketing team recently used an AI agent to build a customer analytics dashboard. The agent selected three npm packages that seemed perfect: tracking user behavior, exporting data to CSV, and sen
[Incident] What Happened: On June 5, ServiceNow issued security update KB3067321 for hosted customers after discovering an API endpoint that allowed unauthenticated access to customer data. The vulnerable endpoin
[Incident] Overview of the Vulnerability: On February 13, 2022, Adobe disclosed CVE-2022-24086, a critical arbitrary code execution vulnerability in the Magento template engine. This flaw affected Magento Open S
[Incident] What Happened: Between late 2024 and early 2025, attackers published malicious Node.js packages to npm that used invisible Unicode characters and package manager configuration files to execute hidden c
[Incident] Overview of the Vulnerability: A vulnerability in the Linux kernel pipe implementation, known as CVE-2022-0847, allowed any process to overwrite data in arbitrary read-only files. Dubbed Dirty Pipe, t