Technical - Application Security
Eyal Estrin
Jan 8
Critical jsPDF flaw lets hackers steal secrets via generated PDFs
https://www.bleepingcomputer.com/news/security/critical-jspdf-flaw-lets-hackers-steal-secrets-via-
Eyal Estrin
Jan 8
The future of secrets and identity management
https://www.hashicorp.com/en/blog/the-future-of-secrets-and-identity-management Eyal Estrin CISSP,
Eyal Estrin
Jan 8
npm to Implement Staged Publishing After Turbulent Shift Off Classic Tokens
https://socket.dev/blog/npm-to-implement-staged-publishing Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE
Eyal Estrin
Jan 7
A Broken System Fueling Botnets
https://synthient.com/blog/a-broken-system-fueling-botnets Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE
Eyal Estrin
Jan 6
All I Want for Christmas is Your Secrets: LangGrinch hits LangChain Core (CVE-2025-68664)
https://cyata.ai/blog/langgrinch-langchain-core-cve-2025-68664/ Eyal Estrin CISSP, CCSP, CISM, CISA,
Eyal Estrin
Jan 6
Prekey Pogo: Investigating Security and Privacy Issues in WhatsApp’s Handshake Mechanism
https://www.usenix.org/system/files/woot25-gegenhuber.pdf Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE,
Eyal Estrin
Jan 6
VSCode IDE forks expose users to "recommended extension" attacks
https://www.bleepingcomputer.com/news/security/vscode-ide-forks-expose-users-to-recommended-extension
Eyal Estrin
Jan 1
Shai Hulud strikes again - The golden path
https://www.aikido.dev/blog/shai-hulud-strikes-again---the-golden-path Eyal Estrin CISSP, CCSP, CISM,
Eyal Estrin
12/31/25
Blind trust: what is hidden behind the process of creating your PDF file?
https://swarm.ptsecurity.com/blind-trust-what-is-hidden-behind-the-process-of-creating-your-pdf-file/
Eyal Estrin
12/24/25
NPM Package With 56K Downloads Caught Stealing WhatsApp Messages
https://www.koi.ai/blog/npm-package-with-56k-downloads-malware-stealing-whatsapp-messages Eyal Estrin
Eyal Estrin
12/24/25
JUMPSHOT: XM Cyber Uncovers Critical Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent
https://xmcyber.com/blog/jumpshot-xm-cyber-uncovers-critical-local-privilege-escalation-cve-2025-
Eyal Estrin
12/15/25
Oyster Backdoor Resurfaces: Analyzing the Latest SEO Poisoning Attacks
https://www.cyberproof.com/blog/oyster-backdoor-resurfaces-analyzing-the-latest-seo-poisoning-attacks
Eyal Estrin
12/14/25
The Fragile Lock: Novel Bypasses For SAML Authentication
http://i.blackhat.com/BH-EU-25/eu-25-Fedotkin-TheFragileLock.pdf http://i.blackhat.com/BH-EU-25/eu-25
Eyal Estrin
12/14/25
GitHub Action tj-actions/changed-files supply chain attack: everything you need to know
https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066
Eyal Estrin
12/14/25
Vibe Coding: Innovation Demands Vigilance
https://www.darkreading.com/application-security/vibe-coding-innovation-demands-vigilance Eyal Estrin
Eyal Estrin
12/12/25
Microsoft Copilot Studio Security Risk: How Simple Prompt Injection Leaked Credit Cards and Booked a $0 Trip
https://www.tenable.com/blog/microsoft-copilot-studio-security-risk-how-simple-prompt-injection-
Eyal Estrin
12/12/25
Why a secure software development life cycle is critical for manufacturers
https://www.bleepingcomputer.com/news/security/why-a-secure-software-development-life-cycle-is-
Eyal Estrin
12/12/25
Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack
https://www.microsoft.com/en-us/security/blog/2025/12/09/shai-hulud-2-0-guidance-for-detecting-
Eyal Estrin
12/11/25
Further Hardening Android GPUs
https://security.googleblog.com/2025/12/further-hardening-android-gpus.html Eyal Estrin CISSP, CCSP,
Eyal Estrin
12/11/25
Gogs 0-Day Exploited in the Wild (CVE-2025-8110)
https://www.wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit Eyal Estrin CISSP, CCSP, CISM,
Eyal Estrin
12/11/25
Thousands of Exposed Secrets Found on Docker Hub, Putting Organizations at Risk
https://flare.io/learn/resources/docker-hub-secrets-exposed/ Eyal Estrin CISSP, CCSP, CISM, CISA,
Eyal Estrin
12/9/25
JPEGs Just Got Snipped: Croppable Signatures Against Deepfake Images
https://arxiv.org/pdf/2512.01845 Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE, CCSK Blog: https://
Eyal Estrin
12/6/25
PromptPwnd: Prompt Injection Vulnerabilities in GitHub Actions Using AI Agents
https://www.aikido.dev/blog/promptpwnd-github-actions-ai-agents Eyal Estrin CISSP, CCSP, CISM, CISA,
Eyal Estrin
12/5/25
PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities
https://jfrog.com/blog/unveiling-3-zero-day-vulnerabilities-in-picklescan/ Eyal Estrin CISSP, CCSP,
Eyal Estrin
12/4/25
Critical Vulnerabilities in React and Next.js: everything you need to know (CVE-2025-55182 and CVE-2025-66478)
https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182 Eyal Estrin CISSP, CCSP, CISM,
Eyal Estrin
12/3/25
How prompt caching works - Paged Attention and Automatic Prefix Caching plus practical tips
https://sankalp.bearblog.dev/how-prompt-caching-works/ Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE,
Eyal Estrin
12/3/25
The NPM Malware That Tried to Gaslight Security Scanners
https://www.koi.ai/blog/two-years-17k-downloads-the-npm-malware-that-tried-to-gaslight-security-
Eyal Estrin
12/2/25
CVE-2025-61260 — OpenAI Codex CLI: Command Injection via Project-Local Configuration
https://research.checkpoint.com/2025/openai-codex-cli-command-injection-vulnerability/ Eyal Estrin
Eyal Estrin
12/1/25
Privilege escalation with SageMaker and there's more hiding in execution roles
https://www.plerion.com/blog/privilege-escalation-with-sagemaker-and-execution-roles Eyal Estrin
Eyal Estrin
11/29/25
Bootstrap script exposes PyPI to domain takeover attacks
https://www.reversinglabs.com/blog/bootstrap-script-exposes-pypi-to-domain-takeover-attack Eyal