Expert perspectives on application security, compliance, and emerging threats
IncidentYour AI agent just forwarded AWS credentials to an attacker. The request came through a routine email contact. No exploit kit, no zero-day — just a text field the agent trusted implicitly. Two researc
IncidentWhat Happened Between late 2025 and June 11, 2026, attackers executed a supply chain attack against the Arch User Repository (AUR). They adopted orphaned packages—projects whose original maintainers h
GuidesYour AI agents need identity records just like your employees do. However, many security teams still track them in spreadsheets or, worse, don t track them at all. When an agent holds API keys to your
IncidentWhat Happened Nothing broke. No breach occurred. No credentials leaked. That s the point. GitHub announced that npm version 12, releasing next month, will disable install scripts by default. This is a
Get weekly security insights and compliance updates delivered to your inbox.
GeneralYour marketing team recently used an AI agent to build a customer analytics dashboard. The agent selected three npm packages that seemed perfect: tracking user behavior, exporting data to CSV, and sen
IncidentWhat Happened On June 5, ServiceNow issued security update KB3067321 for hosted customers after discovering an API endpoint that allowed unauthenticated access to customer data. The vulnerable endpoin
GeneralScope This guide focuses on transitioning from traditional line-by-line code reviews to intent verification systems for teams facing AI-generated code bottlenecks. You ll find specific steps for imple
IncidentOverview of the Vulnerability On February 13, 2022, Adobe disclosed CVE-2022-24086 , a critical arbitrary code execution vulnerability in the Magento template engine. This flaw affected Magento Open S
IncidentWhat Happened Between late 2024 and early 2025, attackers published malicious Node.js packages to npm that used invisible Unicode characters and package manager configuration files to execute hidden c
IncidentOverview of the Vulnerability A vulnerability in the Linux kernel pipe implementation, known as CVE-2022-0847 , allowed any process to overwrite data in arbitrary read-only files. Dubbed Dirty Pipe, t
IncidentWhat Happened Adobe released a security patch for Magento in February 2022 to address CVE-2022-24086 , a critical vulnerability allowing SQL injection or PHP object injection during checkout for unaut
IncidentWhat Happened Your security team ran quarterly automated penetration tests on your production environment. The reports showed stable results: no critical findings and a few medium-severity issues alre
IncidentThe Issue at Hand Between late 2024 and early 2025, Checkmarx commissioned Censuswide to survey security and development leaders in organizations using AI code generation tools. The findings revealed
IncidentOn March 15, 2022, thousands of developers running npm install unknowingly pulled malicious code into their projects. The maintainer of node-ipc—a widely-used inter-process communication library—intro
ResearchThe Challenge Your development team has boosted sprint velocity by 40%. Code moves from developer workstations to production faster than ever. Pull requests that once took days now close in hours. The
GeneralSecurity vendors and AI labs are promoting large language models as the future of automated vulnerability detection. The excitement peaked when XBOW evaluated Anthropic s Mythos Preview model, noting
