Expert perspectives on application security, compliance, and emerging threats
IncidentWhat Happened Adobe released a security patch for Magento in February 2022 to address CVE-2022-24086 , a critical vulnerability allowing SQL injection or PHP object injection during checkout for unaut
IncidentWhat Happened Your security team ran quarterly automated penetration tests on your production environment. The reports showed stable results: no critical findings and a few medium-severity issues alre
IncidentThe Issue at Hand Between late 2024 and early 2025, Checkmarx commissioned Censuswide to survey security and development leaders in organizations using AI code generation tools. The findings revealed
IncidentOn March 15, 2022, thousands of developers running npm install unknowingly pulled malicious code into their projects. The maintainer of node-ipc—a widely-used inter-process communication library—intro
Get weekly security insights and compliance updates delivered to your inbox.
IncidentWhat Happened The Miasma worm s source code was deliberately distributed on GitHub through compromised developer accounts. Unlike accidental exposures or proof-of-concept leaks, this was a targeted at
IncidentOn May 11, 2026, attackers published 84 malicious npm packages across 42 @tanstack repositories. Each package carried cryptographically valid SLSA Build Level 3 attestations. If your team relies on SL
IncidentWhat Happened Microsoft removed 73 GitHub repositories after malware compromised developer credentials and exposed a PyPI publishing token. The attack targeted the durabletask PyPI token, allowing an
IncidentA path traversal vulnerability in Langflow—an open-source AI development platform with more than 149,000 GitHub stars—is being actively exploited. CVE-2026-5027 allows attackers to write arbitrary fil
IncidentCyera s security researchers disclosed six vulnerabilities in protobuf.js that turned schema validation—a process most teams assume is safe—into a remote code execution (RCE) pathway. The vulnerabilit
IncidentWhat Happened An unauthenticated remote code execution vulnerability (CVE-2026-5027) in Langflow, an open-source platform for building AI applications, remains unpatched despite active exploitation. T
IncidentSummary of Events For over 15 years, npm allowed packages to execute arbitrary code during installation through preinstall, install, and postinstall scripts. These scripts ran automatically whenever a
IncidentOverview of the Vulnerability A critical remote code execution vulnerability in the Mirasvit Full Page Cache Warmer extension for Magento 2 and Adobe Commerce allowed attackers to execute arbitrary co
IncidentWhat Happened StepSecurity researchers uncovered a malware campaign targeting Python development environments and AI-powered security tools. The malware, named Hades, compromised the C++ library ensma
IncidentWhat Happened BerriAI s LiteLLM, a proxy layer for managing multiple LLM providers, contained a command injection vulnerability ( CVE-2026-42271 ) that allowed authenticated users to execute arbitrary
IncidentA command injection vulnerability in BerryAI s LiteLLM has been added to CISA s Known Exploited Vulnerabilities catalog and is under active exploitation. CVE-2026-42271 allows attackers to execute arb
IncidentWhat Happened On June 5, 2026, ServiceNow applied an emergency security update after discovering that attackers had exploited an unauthenticated REST endpoint to query customer instance data. The vuln
