Technical - Application Security
Eyal Estrin
1:08 AM
Why application security must start at the load balancer
https://www.csoonline.com/article/4138000/why-application-security-must-start-at-the-load-balancer.
Eyal Estrin
Feb 27
Software governance in the AI era: Key findings from the 2026 OSSRA report
https://www.blackduck.com/blog/open-source-trends-ossra-report.html Eyal Estrin Author | Cloud
Eyal Estrin
Feb 25
Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools
https://www.csoonline.com/article/4136476/shai-hulud-style-npm-worm-hits-ci-pipelines-and-ai-coding-
Eyal Estrin
Feb 25
AI found 12 of 12 OpenSSL zero-days (while curl cancelled its bug bounty)
https://www.lesswrong.com/posts/7aJwgbMEiKq5egQbd/ai-found-12-of-12-openssl-zero-days-while-curl-
Eyal Estrin
Feb 24
Attackers Use New Tool to Scan for React2Shell Exposure
https://www.darkreading.com/application-security/attackers-new-tool-scan-react2shell-exposure Eyal
Eyal Estrin
Feb 22
RoguePilot: Exploiting GitHub Copilot for a Repository Takeover
https://orca.security/resources/blog/roguepilot-github-copilot-vulnerability/ Eyal Estrin Author |
Eyal Estrin
Feb 21
SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains
https://socket.dev/blog/sandworm-mode-npm-worm-ai-toolchain-poisoning Eyal Estrin Author | Cloud
Eyal Estrin
Feb 21
How “Clinejection” Turned an AI Bot into a Supply Chain Attack
https://medium.com/@snyksec/how-clinejection-turned-an-ai-bot-into-a-supply-chain-attack-f54bb66b6ee8
Eyal Estrin
Feb 20
Firebase Misconfiguration Exposes 300M Messages From Chat & Ask AI Users
https://hackread.com/firebase-misconfiguration-chat-ask-ai-users-expose/ Eyal Estrin Author | Cloud
Eyal Estrin
Feb 19
How AI SAST Traced Data Flows to Uncover Six OpenClaw Vulnerabilities
https://www.endorlabs.com/learn/how-ai-sast-traced-data-flows-to-uncover-six-openclaw-vulnerabilities
Eyal Estrin
Feb 19
What happens when you add AI to SAST
https://www.infoworld.com/article/4126765/what-happens-when-you-add-ai-to-sast.html Eyal Estrin
Eyal Estrin
Feb 18
Are passkeys as secure as you think?
https://cloudbrothers.info/slides/ArePasskeysAsSecureAsYouThink-Disobey2026.pdf Eyal Estrin Author |
Eyal Estrin
Feb 17
The AI Identity Theft: Real-World Infostealer Infection Targeting OpenClaw Configurations
https://www.infostealers.com/article/hudson-rock-identifies-real-world-infostealer-infection-
Eyal Estrin
Feb 13
Group-IB High-Tech Crime Trends Report 2026: Supply Chain Attacks Emerge as Top Global Cyber Threat
https://www.group-ib.com/media-center/press-releases/htct-2026-supply-chain/ Eyal Estrin Author |
Eyal Estrin
Feb 13
“AiFrame”- Fake AI Assistant Extensions Targeting 260,000 Chrome Users via injected iframes
https://layerxsecurity.com/blog/aiframe-fake-ai-assistant-extensions-targeting-260000-chrome-users-
Eyal Estrin
Feb 12
Logic-Layer Prompt Control Injection (LPCI): A Novel Security Vulnerability Class in Agentic Systems
https://cloudsecurityalliance.org/blog/2026/02/09/logic-layer-prompt-control-injection-lpci-a-novel-
Eyal Estrin
Feb 12
Fixing the script: Journey to reduce XSS exposure
https://www.microsoft.com/en-us/msrc/blog/2026/02/fixing-the-script-journey-to-reduce-xss-exposure
Eyal Estrin
Feb 11
Path Traversal in Rancher Local Path Provisioner Enables Host Filesystem Compromise Across K3s Clusters
https://orca.security/resources/blog/cve-2025-62878-rancher-local-path-provisioner/ Eyal Estrin
Eyal Estrin
Feb 9
New tool blocks imposter attacks disguised as safe commands
https://www.bleepingcomputer.com/news/security/new-tool-blocks-imposter-attacks-disguised-as-safe-
Eyal Estrin
Feb 8
Shai-hulud: The Hidden Cost of Supply Chain Attacks
https://www.darkreading.com/application-security/shai-hulud-hidden-cost-supply-chain-attacks Eyal
Eyal Estrin
Feb 7
Managing Software Supply Chain Security for the AI Era
https://www.veracode.com/blog/managing-software-supply-chain-security-ai Eyal Estrin Author | Cloud
Eyal Estrin
Feb 7
Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise
https://socket.dev/blog/malicious-dydx-packages-published-to-npm-and-pypi Eyal Estrin Author | Cloud
Eyal Estrin
Feb 5
Malicious Chrome Extension Performs Hidden Affiliate Hijacking
https://socket.dev/blog/malicious-chrome-extension-performs-hidden-affiliate-hijacking Eyal Estrin
Eyal Estrin
Feb 5
n8n Sandbox Escape: Critical Vulnerabilities in n8n Exposes Hundreds of Thousands of Enterprise AI Systems to Complete Takeover
https://www.pillar.security/blog/n8n-sandbox-escape-critical-vulnerabilities-in-n8n-exposes-hundreds-
Eyal Estrin
Feb 5
Web Traffic Hijacking: When Your Nginx Configuration Turns Malicious
https://securitylabs.datadoghq.com/articles/web-traffic-hijacking-nginx-configuration-malicious/ Eyal
Eyal Estrin
Feb 5
Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector
https://orca.security/resources/blog/hacking-github-codespaces-rce-supply-chain-attack/ Eyal Estrin
Eyal Estrin
Feb 5
Critical RCE in vLLM Allows Server Takeover via Malicious Video URL (CVE-2026-22778)
https://orca.security/resources/blog/cve-2026-22778-vllm-rce-vulnerability/ Eyal Estrin Author |
Eyal Estrin
Feb 4
DockerDash: Two Attack Paths, One AI Supply Chain Crisis
https://noma.security/blog/dockerdash-two-attack-paths-one-ai-supply-chain-crisis/ Eyal Estrin Author
Eyal Estrin
Feb 3
Hacking Moltbook: The AI Social Network Any Human Can Control
https://www.wiz.io/blog/exposed-moltbook-database-reveals-millions-of-api-keys Eyal Estrin Author |
Eyal Estrin
Feb 1
Researcher reveals evidence of private Instagram profiles leaking photos
https://www.bleepingcomputer.com/news/security/researcher-reveals-evidence-of-private-instagram-