Expert perspectives on application security, compliance, and emerging threats
IncidentWhat Happened Threat actors exploited CVE-2026-21385 , a high-severity memory corruption vulnerability in Qualcomm chipsets, in targeted attacks against Android devices. Security researchers identifie
IncidentWhat Happened Between February and late 2025, threat actors deployed Coruna—an iOS exploit kit containing five complete exploit chains and 23 individual exploits—against targets ranging from iPhone mo
IncidentOverview of the Vulnerability Security researchers at OX Security disclosed CVE-2026-28289 , a critical vulnerability in FreeScout, an open-source, self-hosted help desk platform. This flaw allows una
IncidentOverview of Findings Security researchers at Wiz spent two years examining AI infrastructure deployments to uncover exploitable vulnerabilities. Their findings reveal that while many teams focus on pr
Get weekly security insights and compliance updates delivered to your inbox.
IncidentIncident Overview Orca Security discovered RoguePilot, a vulnerability in GitHub Codespaces that allowed attackers to manipulate GitHub Copilot into leaking GITHUB_TOKEN credentials. Attackers embedde
IncidentThe Challenge A financial services organization believed they had a robust security architecture with WAFs , application-layer security controls, runtime protection, and comprehensive monitoring. Howe
IncidentAttack Overview Attackers have targeted government and public-sector organizations by exploiting OAuth 2.0 s error handling mechanisms. The attack began with phishing emails containing malicious links
IncidentWhat Happened On February 17, 2026, an attacker exploited a compromised npm publish token to release Cline CLI version 2.3.0, an unauthorized update that installed OpenClaw on developer systems. This
IncidentOverview of the Incident On February 6, n8n released version 2.6.4 to address a stored cross-site scripting (XSS) vulnerability in its handling of OAuth credentials. Security researchers at Imperva fo
IncidentYour security team invested in threat intelligence feeds, built a threat modeling framework, and ran quarterly vulnerability assessments. Yet, an adversary exploited a gap you d documented but never v
IncidentWhat Happened OpenClaw, a self-hosted AI platform, had a vulnerability that allowed malicious websites to hijack local instances through brute-force password attacks. The attack was simple: a user vis
IncidentWhat Happened Your development team deployed an internal LLM service with an exposed API endpoint for rapid prototyping. The endpoint used a hardcoded API key with broad permissions to access the orga
IncidentOn a Tuesday morning, developers running npm update unknowingly downloaded [email protected] — an unauthorized release published without human approval. The package remained live for eight hours, during whi
IncidentWhat Happened Researchers demonstrated a successful promptware attack against Google s AI systems using a simple calendar invitation. The attack began when an AI agent processed a malicious Google Cal
IncidentThe Problem A mid-sized fintech company s security team spent three weeks triaging 847 vulnerabilities flagged by their static analysis tool during a pre-release audit. After manual investigation, the
IncidentThe Problem A mid-sized financial services company found a critical authentication bypass vulnerability in their customer portal during a routine scan. The vulnerability management team logged it, ass
