Technical - Application Security
Eyal Estrin
Dec 15
Oyster Backdoor Resurfaces: Analyzing the Latest SEO Poisoning Attacks
https://www.cyberproof.com/blog/oyster-backdoor-resurfaces-analyzing-the-latest-seo-poisoning-attacks
Eyal Estrin
Dec 14
The Fragile Lock: Novel Bypasses For SAML Authentication
http://i.blackhat.com/BH-EU-25/eu-25-Fedotkin-TheFragileLock.pdf
Eyal Estrin
Dec 14
GitHub Action tj-actions/changed-files supply chain attack: everything you need to know
https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066
Eyal Estrin
Dec 14
Vibe Coding: Innovation Demands Vigilance
https://www.darkreading.com/application-security/vibe-coding-innovation-demands-vigilance
Eyal Estrin
Dec 12
Microsoft Copilot Studio Security Risk: How Simple Prompt Injection Leaked Credit Cards and Booked a $0 Trip
https://www.tenable.com/blog/microsoft-copilot-studio-security-risk-how-simple-prompt-injection-
Eyal Estrin
Dec 12
Why a secure software development life cycle is critical for manufacturers
https://www.bleepingcomputer.com/news/security/why-a-secure-software-development-life-cycle-is-
Eyal Estrin
Dec 12
Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack
https://www.microsoft.com/en-us/security/blog/2025/12/09/shai-hulud-2-0-guidance-for-detecting-
Eyal Estrin
Dec 11
Further Hardening Android GPUs
https://security.googleblog.com/2025/12/further-hardening-android-gpus.html
Eyal Estrin
Dec 11
Gogs 0-Day Exploited in the Wild (CVE-2025-8110)
https://www.wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit
Eyal Estrin
Dec 11
Thousands of Exposed Secrets Found on Docker Hub, Putting Organizations at Risk
https://flare.io/learn/resources/docker-hub-secrets-exposed/
Eyal Estrin
Dec 9
JPEGs Just Got Snipped: Croppable Signatures Against Deepfake Images
https://arxiv.org/pdf/2512.01845
Eyal Estrin
Dec 6
PromptPwnd: Prompt Injection Vulnerabilities in GitHub Actions Using AI Agents
https://www.aikido.dev/blog/promptpwnd-github-actions-ai-agents
Eyal Estrin
Dec 5
PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities
https://jfrog.com/blog/unveiling-3-zero-day-vulnerabilities-in-picklescan/
Eyal Estrin
Dec 4
Critical Vulnerabilities in React and Next.js: everything you need to know (CVE-2025-55182 and CVE-2025-66478)
https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
Eyal Estrin
Dec 3
How prompt caching works - Paged Attention and Automatic Prefix Caching plus practical tips
https://sankalp.bearblog.dev/how-prompt-caching-works/
Eyal Estrin
Dec 3
The NPM Malware That Tried to Gaslight Security Scanners
https://www.koi.ai/blog/two-years-17k-downloads-the-npm-malware-that-tried-to-gaslight-security-
Eyal Estrin
Dec 2
CVE-2025-61260 — OpenAI Codex CLI: Command Injection via Project-Local Configuration
https://research.checkpoint.com/2025/openai-codex-cli-command-injection-vulnerability/
Eyal Estrin
Dec 1
Privilege escalation with SageMaker and there's more hiding in execution roles
https://www.plerion.com/blog/privilege-escalation-with-sagemaker-and-execution-roles
Eyal Estrin
Nov 29
Bootstrap script exposes PyPI to domain takeover attacks
https://www.reversinglabs.com/blog/bootstrap-script-exposes-pypi-to-domain-takeover-attack
Eyal Estrin
Nov 29
Scanning 5.6 million public GitLab repositories for secrets
https://trufflesecurity.com/blog/scanning-2-6-million-public-bitbucket-cloud-repositories-for-secrets
Eyal Estrin
Nov 27
Malicious Chrome Extension Injects Hidden SOL Fees Into Solana Swaps
https://socket.dev/blog/malicious-chrome-extension-injects-hidden-sol-fees-into-solana-swaps
Eyal Estrin
Nov 27
Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
https://labs.watchtowr.com/stop-putting-your-passwords-into-random-websites-yes-seriously-you-are-the
Eyal Estrin
Nov 26
The slow rise of SBOMs meets the rapid advance of AI
https://cyberscoop.com/sbom-adoption-challenges-ai-coding-transparency/
Eyal Estrin
Nov 26
Awesome npm Security Best Practices
https://github.com/lirantal/npm-security-best-practices
Eyal Estrin
Nov 26
Antigravity Grounded! Security Vulnerabilities in Google's Latest IDE
https://embracethered.com/blog/posts/2025/security-keeps-google-antigravity-grounded/
Eyal Estrin
Nov 25
SPIFFE: Securing the identity of agentic AI and non-human actors
https://www.hashicorp.com/en/blog/spiffe-securing-the-identity-of-agentic-ai-and-non-human-actors
Eyal Estrin
Nov 25
Shai-Hulud 2.0 Supply Chain Attack: 25K+ npm Repos Exposed
https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack
Eyal Estrin
Nov 25
Critical Vulnerabilities in FluentBit Expose Cloud Environments to Remote Takeover
https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-
Eyal Estrin
Nov 24
Comet’s MCP API Allows AI Browsers to Execute Local Commands
https://labs.sqrx.com/comet-mcp-api-allows-ai-browsers-to-execute-local-commands-dec185fb524b
Eyal Estrin
Nov 22
Salesforce / Gainsight OAuth-token incident — potential customer-data exposure
Salesforce says some of its customers' data was accessed after Gainsight breach https://