Expert perspectives on application security, compliance, and emerging threats
IncidentWhat Happened On or after June 11, an attacker compromised over 400 packages in the Arch User Repository (AUR) by exploiting a fundamental weakness in community-maintained package systems: abandonment
IncidentWhat Happened In January 2025, Check Point researcher Yarden Porat disclosed three vulnerabilities in LangGraph, a framework for building stateful AI agent workflows. The most severe, CVE-2025-67644 (
IncidentWhat Happened Between late 2023 and early 2024, three incidents highlighted a shift from opportunistic cyber attacks to professional service operations. SafeDep documented the Miasma supply chain atta
IncidentWhat Happened A remote code execution vulnerability was discovered in Celery , a widely-used Python distributed task queue. This flaw allowed attackers to execute arbitrary commands through object tra
Get weekly security insights and compliance updates delivered to your inbox.
IncidentYour AI agent just forwarded AWS credentials to an attacker. The request came through a routine email contact. No exploit kit, no zero-day — just a text field the agent trusted implicitly. Two researc
IncidentWhat Happened Nothing broke. No breach occurred. No credentials leaked. That s the point. GitHub announced that npm version 12, releasing next month, will disable install scripts by default. This is a
IncidentWhat Happened On June 5, ServiceNow issued security update KB3067321 for hosted customers after discovering an API endpoint that allowed unauthenticated access to customer data. The vulnerable endpoin
IncidentOverview of the Vulnerability On February 13, 2022, Adobe disclosed CVE-2022-24086 , a critical arbitrary code execution vulnerability in the Magento template engine. This flaw affected Magento Open S
IncidentWhat Happened Between late 2024 and early 2025, attackers published malicious Node.js packages to npm that used invisible Unicode characters and package manager configuration files to execute hidden c
IncidentOverview of the Vulnerability A vulnerability in the Linux kernel pipe implementation, known as CVE-2022-0847 , allowed any process to overwrite data in arbitrary read-only files. Dubbed Dirty Pipe, t
IncidentWhat Happened Adobe released a security patch for Magento in February 2022 to address CVE-2022-24086 , a critical vulnerability allowing SQL injection or PHP object injection during checkout for unaut
IncidentWhat Happened Your security team ran quarterly automated penetration tests on your production environment. The reports showed stable results: no critical findings and a few medium-severity issues alre
IncidentWhat Happened The Miasma worm s source code was deliberately distributed on GitHub through compromised developer accounts. Unlike accidental exposures or proof-of-concept leaks, this was a targeted at
IncidentOn May 11, 2026, attackers published 84 malicious npm packages across 42 @tanstack repositories. Each package carried cryptographically valid SLSA Build Level 3 attestations. If your team relies on SL
IncidentWhat Happened Microsoft removed 73 GitHub repositories after malware compromised developer credentials and exposed a PyPI publishing token. The attack targeted the durabletask PyPI token, allowing an
IncidentA path traversal vulnerability in Langflow—an open-source AI development platform with more than 149,000 GitHub stars—is being actively exploited. CVE-2026-5027 allows attackers to write arbitrary fil
