Groups

Technical - Application Security

Contact owners and managers

1–30 of 4687

0 selected

Apr 23

Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions

https://socket.dev/blog/checkmarx-supply-chain-compromise Eyal Estrin Author | Cloud Architect | AWS

unread,

Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions

https://socket.dev/blog/checkmarx-supply-chain-compromise Eyal Estrin Author | Cloud Architect | AWS

Apr 23

Apr 22

Prompt Injection leads to RCE and Sandbox Escape in Antigravity

https://www.pillar.security/blog/prompt-injection-leads-to-rce-and-sandbox-escape-in-antigravity Eyal

unread,

Prompt Injection leads to RCE and Sandbox Escape in Antigravity

https://www.pillar.security/blog/prompt-injection-leads-to-rce-and-sandbox-escape-in-antigravity Eyal

Apr 22

Apr 21

The Mother of All AI Supply Chains: Critical, Systemic Vulnerability at the Core of Anthropic’s MCP

https://www.ox.security/blog/the-mother-of-all-ai-supply-chains-critical-systemic-vulnerability-at-

unread,

The Mother of All AI Supply Chains: Critical, Systemic Vulnerability at the Core of Anthropic’s MCP

https://www.ox.security/blog/the-mother-of-all-ai-supply-chains-critical-systemic-vulnerability-at-

Apr 21

Apr 21

Vercel OAuth Supply Chain Breach via Context.ai Compromise (21.4.2026)

Vercel April 2026 security incident https://vercel.com/kb/bulletin/vercel-april-2026-security-

unread,

Vercel OAuth Supply Chain Breach via Context.ai Compromise (21.4.2026)

Vercel April 2026 security incident https://vercel.com/kb/bulletin/vercel-april-2026-security-

Apr 21

Apr 21

Analysis of Lovable AI data exposure reports and Vibe Coding security risks (21.4.2026)

I keep finding vibe coded apps that leak user data, and I'm not even looking for it https://www.

unread,

Analysis of Lovable AI data exposure reports and Vibe Coding security risks (21.4.2026)

I keep finding vibe coded apps that leak user data, and I'm not even looking for it https://www.

Apr 21

Apr 18

A Relay a Day Keeps the AirTag Away: Practical Relay Attacks on Apple’s AirTags

https://arxiv.org/pdf/2604.10138 Eyal Estrin Author | Cloud Architect | AWS • Azure • GCP Insights

unread,

A Relay a Day Keeps the AirTag Away: Practical Relay Attacks on Apple’s AirTags

https://arxiv.org/pdf/2604.10138 Eyal Estrin Author | Cloud Architect | AWS • Azure • GCP Insights

Apr 18

Apr 18

Every Old Vulnerability Is Now an AI Vulnerability

https://www.darkreading.com/vulnerabilities-threats/every-old-vulnerability-ai-vulnerability Eyal

unread,

Every Old Vulnerability Is Now an AI Vulnerability

https://www.darkreading.com/vulnerabilities-threats/every-old-vulnerability-ai-vulnerability Eyal

Apr 18

Apr 17

Critical Unauthenticated RCE and Server Takeover (CVE-2026-33032, CVE-2026-27825)

MCPwnfluence: Critical Unauthenticated SSRF to RCE Attack Chain in the Most Widely Used Atlassian MCP

unread,

Critical Unauthenticated RCE and Server Takeover (CVE-2026-33032, CVE-2026-27825)

MCPwnfluence: Critical Unauthenticated SSRF to RCE Attack Chain in the Most Widely Used Atlassian MCP

Apr 17

Apr 17

The n8n n8mare: How threat actors are misusing AI workflow automation

https://blog.talosintelligence.com/the-n8n-n8mare/ Eyal Estrin Author | Cloud Architect | AWS • Azure

unread,

The n8n n8mare: How threat actors are misusing AI workflow automation

https://blog.talosintelligence.com/the-n8n-n8mare/ Eyal Estrin Author | Cloud Architect | AWS • Azure

Apr 17

Apr 17

The Rise of AI Pentesting Agents: A Technical Analysis (2026)

https://appsecsanta.com/research/ai-pentesting-agents-2026 Eyal Estrin Author | Cloud Architect | AWS

unread,

The Rise of AI Pentesting Agents: A Technical Analysis (2026)

https://appsecsanta.com/research/ai-pentesting-agents-2026 Eyal Estrin Author | Cloud Architect | AWS

Apr 17

Apr 17

Two Git Commands Fooled Claude Into Merging Malicious Code

https://www.manifold.security/blog/spoofed-git-identity-ai-code-reviewer Eyal Estrin Author | Cloud

unread,

Two Git Commands Fooled Claude Into Merging Malicious Code

https://www.manifold.security/blog/spoofed-git-identity-ai-code-reviewer Eyal Estrin Author | Cloud

Apr 17

Apr 15

Fake Linux leader using Slack to con devs into giving up their secrets

https://www.theregister.com/2026/04/13/linux_foundation_social_engineering/ Eyal Estrin Author |

unread,

Fake Linux leader using Slack to con devs into giving up their secrets

https://www.theregister.com/2026/04/13/linux_foundation_social_engineering/ Eyal Estrin Author |

Apr 15

Apr 13

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

https://www.theregister.com/2026/04/11/trivy_axios_supply_chain_attacks/ Eyal Estrin Author | Cloud

unread,

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

https://www.theregister.com/2026/04/11/trivy_axios_supply_chain_attacks/ Eyal Estrin Author | Cloud

Apr 13

Apr 11

Detecting CI/CD Supply Chain Attacks with Canary Credentials

https://tracebit.com/blog/detecting-cicd-supply-chain-attacks-with-canary-credentials Eyal Estrin

unread,

Detecting CI/CD Supply Chain Attacks with Canary Credentials

https://tracebit.com/blog/detecting-cicd-supply-chain-attacks-with-canary-credentials Eyal Estrin

Apr 11

Apr 9

The Era of Agentic Security is Here: Key Findings from the 1H 2026 State of AI and API Security Report

https://salt.security/blog/the-era-of-agentic-security-is-here-key-findings-from-the-1h-2026-state-of

unread,

The Era of Agentic Security is Here: Key Findings from the 1H 2026 State of AI and API Security Report

https://salt.security/blog/the-era-of-agentic-security-is-here-key-findings-from-the-1h-2026-state-of

Apr 9

Apr 9

Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk

https://www.microsoft.com/en-us/security/blog/2026/04/09/intent-redirection-vulnerability-third-party

unread,

Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk

https://www.microsoft.com/en-us/security/blog/2026/04/09/intent-redirection-vulnerability-third-party

Apr 9

Apr 8

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed (CVE-2025-59528)

https://thehackernews.com/2026/04/flowise-ai-agent-builder-under-active.html https://github.com/

unread,

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed (CVE-2025-59528)

https://thehackernews.com/2026/04/flowise-ai-agent-builder-under-active.html https://github.com/

Apr 8

Apr 8

GrafanaGhost: The Phantom Stealing Your Data

https://noma.security/blog/grafana-ghost/ Eyal Estrin Author | Cloud Architect | AWS • Azure • GCP

unread,

GrafanaGhost: The Phantom Stealing Your Data

https://noma.security/blog/grafana-ghost/ Eyal Estrin Author | Cloud Architect | AWS • Azure • GCP

Apr 8

Apr 7

The Team PCP Snowball Effect: A Quantitative Analysis

https://blog.gitguardian.com/team-pcp-snowball-analysis/ Eyal Estrin Author | Cloud Architect | AWS •

unread,

The Team PCP Snowball Effect: A Quantitative Analysis

https://blog.gitguardian.com/team-pcp-snowball-analysis/ Eyal Estrin Author | Cloud Architect | AWS •

Apr 7

Apr 5

Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads

https://www.trendmicro.com/en_us/research/26/d/weaponizing-trust-claude-code-lures-and-github-release

unread,

Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads

https://www.trendmicro.com/en_us/research/26/d/weaponizing-trust-claude-code-lures-and-github-release

Apr 5

Apr 5

Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2

https://safedep.io/malicious-npm-strapi-plugin-events-c2-agent/ Eyal Estrin Author | Cloud Architect

unread,

Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2

https://safedep.io/malicious-npm-strapi-plugin-events-c2-agent/ Eyal Estrin Author | Cloud Architect

Apr 5

Apr 4

LinkedIn Is Illegally Searching Your Computer

https://browsergate.eu/ https://browsergate.eu/the-evidence-pack/ Eyal Estrin Author | Cloud

unread,

LinkedIn Is Illegally Searching Your Computer

https://browsergate.eu/ https://browsergate.eu/the-evidence-pack/ Eyal Estrin Author | Cloud

Apr 4

Apr 4

Why GitHub Developers Are Targeted by Token Giveaway Scams

https://hackread.com/github-developers-targettoken-giveaway-scams/ Eyal Estrin Author | Cloud

unread,

Why GitHub Developers Are Targeted by Token Giveaway Scams

https://hackread.com/github-developers-targettoken-giveaway-scams/ Eyal Estrin Author | Cloud

Apr 4

Apr 4

CrewAI Vulnerabilities Expose Devices to Hacking (CVE-2026-2275)

https://www.securityweek.com/crewai-vulnerabilities-expose-devices-to-hacking/ https://kb.cert.org/

unread,

CrewAI Vulnerabilities Expose Devices to Hacking (CVE-2026-2275)

https://www.securityweek.com/crewai-vulnerabilities-expose-devices-to-hacking/ https://kb.cert.org/

Apr 4

Apr 3

GDDRHammer: Greatly Disturbing DRAM Rows — Cross-Component Rowhammer Attacks from Modern GPUs

https://gddr.fail/files/gddr.pdf Eyal Estrin Author | Cloud Architect | AWS • Azure • GCP Insights

unread,

GDDRHammer: Greatly Disturbing DRAM Rows — Cross-Component Rowhammer Attacks from Modern GPUs

https://gddr.fail/files/gddr.pdf Eyal Estrin Author | Cloud Architect | AWS • Azure • GCP Insights

Apr 3

Apr 2

Articles about Axios npm package vulnerability (2.4.2026)

Axios npm Compromised: UNC1069 Deploys Cross-Platform RAT https://labs.cloudsecurityalliance.org/wp-

unread,

Articles about Axios npm package vulnerability (2.4.2026)

Axios npm Compromised: UNC1069 Deploys Cross-Platform RAT https://labs.cloudsecurityalliance.org/wp-

Apr 2

Apr 2

Cloudflare Client-Side Security: smarter detection, now open to everyone

https://blog.cloudflare.com/client-side-security-open-to-everyone/ Eyal Estrin Author | Cloud

unread,

Cloudflare Client-Side Security: smarter detection, now open to everyone

https://blog.cloudflare.com/client-side-security-open-to-everyone/ Eyal Estrin Author | Cloud

Apr 2

Apr 1

LofyGang Returns: From Fake undici to Full System Compromise via Parallel Data Theft

https://research.jfrog.com/post/lofygang-returns-a-dual-payload-npm-package/ Eyal Estrin Author |

unread,

LofyGang Returns: From Fake undici to Full System Compromise via Parallel Data Theft

https://research.jfrog.com/post/lofygang-returns-a-dual-payload-npm-package/ Eyal Estrin Author |

Apr 1

Apr 1

APIs are the new perimeter: Here’s how CISOs are securing them

https://www.csoonline.com/article/4148315/apis-are-the-new-perimeter-heres-how-cisos-are-securing-

unread,

APIs are the new perimeter: Here’s how CISOs are securing them

https://www.csoonline.com/article/4148315/apis-are-the-new-perimeter-heres-how-cisos-are-securing-

Apr 1

Apr 1

Articles about Axios npm package vulnerability (1.4.2026)

North Korean hackers implicated in major supply chain attack https://www.axios.com/2026/03/31/north-

unread,

Articles about Axios npm package vulnerability (1.4.2026)

North Korean hackers implicated in major supply chain attack https://www.axios.com/2026/03/31/north-

Apr 1

Search

Clear search

Close search

Google apps

Main menu