Expert perspectives on application security, compliance, and emerging threats
IncidentA single HTTP header with an underscore instead of a hyphen bypassed authentication for an entire OAuth2-proxy deployment. No brute force. No stolen credentials. Just X_Forwarded_User instead of X-For
IncidentWhat Happened A recent campaign by the North Korean threat actor group Famous Chollima involved the publication of 26 malicious packages to the npm registry. These packages deployed a cross-platform r
IncidentThe Surge in API Attacks In the first half of 2025, small and medium-sized businesses (SMBs) faced over 1.45 billion attacks, with API-targeted exploits increasing 74 times compared to previous period
IncidentUnderstanding the Gap in AI Pentesting CyberMaddy, a security researcher, evaluated Burp AI s vulnerability detection capabilities using test web applications. The tool identified common vulnerabiliti
Get weekly security insights and compliance updates delivered to your inbox.
IncidentWhat Happened OX Security discovered CVE-2026-28289 , a zero-click remote code execution vulnerability in FreeScout, an open-source helpdesk platform. This flaw allowed attackers to execute arbitrary
IncidentWhat Happened Threat actors exploited CVE-2026-21385 , a high-severity memory corruption vulnerability in Qualcomm chipsets, in targeted attacks against Android devices. Security researchers identifie
IncidentWhat Happened Between February and late 2025, threat actors deployed Coruna—an iOS exploit kit containing five complete exploit chains and 23 individual exploits—against targets ranging from iPhone mo
IncidentOverview of the Vulnerability Security researchers at OX Security disclosed CVE-2026-28289 , a critical vulnerability in FreeScout, an open-source, self-hosted help desk platform. This flaw allows una
IncidentWhat Happened Your team might face a critical vulnerability in production that your CI/CD security pipeline had previously scanned and cleared. Consider a SQL injection flaw in a user authentication e
IncidentOverview of Findings Security researchers at Wiz spent two years examining AI infrastructure deployments to uncover exploitable vulnerabilities. Their findings reveal that while many teams focus on pr
IncidentIncident Overview Orca Security discovered RoguePilot, a vulnerability in GitHub Codespaces that allowed attackers to manipulate GitHub Copilot into leaking GITHUB_TOKEN credentials. Attackers embedde
IncidentThe Challenge A financial services organization believed they had a robust security architecture with WAFs , application-layer security controls, runtime protection, and comprehensive monitoring. Howe
IncidentAttack Overview Attackers have targeted government and public-sector organizations by exploiting OAuth 2.0 s error handling mechanisms. The attack began with phishing emails containing malicious links
IncidentWhat Happened On February 17, 2026, an attacker exploited a compromised npm publish token to release Cline CLI version 2.3.0, an unauthorized update that installed OpenClaw on developer systems. This
IncidentThe Problem: Widespread Vulnerabilities According to Datadog s State of DevSecOps 2026 report, 87% of organizations are running at least one exploitable vulnerability in their production services. The
IncidentOverview of the Incident On February 6, n8n released version 2.6.4 to address a stored cross-site scripting (XSS) vulnerability in its handling of OAuth credentials. Security researchers at Imperva fo
