Expert perspectives on application security, compliance, and emerging threats
IncidentThe Challenge of AI-Driven Vulnerability Discovery On April 7, Anthropic released Claude Mythos Preview, an AI system designed to identify security vulnerabilities at scale. This tool promised to scan
IncidentWhat Happened A critical remote code execution vulnerability in Langflow—an open-source tool for building AI pipelines—was exploited in the wild within 20 hours of public disclosure. The vulnerability
IncidentOverview of the Vulnerability Unit 42 researchers have identified a vulnerability in Google Cloud Vertex AI s permission model. This flaw allows attackers with compromised credentials to escalate priv
IncidentWhat Happened On March 31, 2026, malicious versions of the axios npm package (1.14.1 and 0.30.4) were published to the npm registry using a compromised maintainer account (@jasonsaayman). The attacker
Get weekly security insights and compliance updates delivered to your inbox.
IncidentWhat Happened Recently, attackers published two malicious versions of Axios—the npm HTTP client used by millions of JavaScript applications. Versions 1.14.1 and 0.30.4 introduced a dependency called p
IncidentWhat Happened Cisco s development environment was compromised when attackers used credentials stolen from a supply chain attack on Trivy, an open-source vulnerability scanner. The threat group TeamPCP
IncidentWhat Happened OpenAI recently patched two vulnerabilities in its AI products that could have enabled unauthorized data movement. The first, discovered by BeyondTrust researchers, affected Codex: a com
IncidentWhat Happened Attackers compromised the Aqua Security repository hosting Trivy , a widely used vulnerability scanner, poisoning 75 of 76 version tags. This turned a tool meant to find vulnerabilities
IncidentWhat Happened Security researcher Chaofan Shou recently discovered that Anthropic accidentally exposed the complete source code for Claude Code—their AI coding agent—through a public npm package. The
IncidentWhat Happened Since January 2025, threat actor UNC1069—linked to North Korean groups BlueNoroff, Sapphire Sleet, and Stardust Chollima—deployed over 1,700 malicious packages across npm, PyPI, Go, and
IncidentThe Crisis Unfolds In Q1 2026, Sonatype identified 21,764 malicious packages in open source repositories, with npm accounting for 75% of these. That s 16,323 malicious packages targeting JavaScript de
IncidentOverview of the Attack An attacker used an AI tool named PRT-scan to systematically scan GitHub repositories for misconfigurations that expose secrets. This attack automated the process of reconnaissa
IncidentThe Emerging Threat Vulnerabilities are being exploited faster than your team can deploy patches. The traditional workflow—discover, prioritize, test, deploy—now lags behind the speed of exploitation.
IncidentWhat Happened In early 2025, security researchers at OX Security disclosed a critical vulnerability in Anthropic s Model Context Protocol (MCP) that allows remote code execution. This flaw affects ove
IncidentWhat Happened On December 20, 2024, Vercel discovered unauthorized access to their internal systems through a compromised OAuth token belonging to Context.ai, a third-party AI coding assistant integra
IncidentWhat Happened On April 22, 2025, attackers published a malicious version of the Bitwarden CLI password manager (version 2026.4.0) to the npm registry. The compromised package was available for about 1
