Technical - Application Security
1–30 of 4517
Eyal Estrin, 3:11 AM
No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480
https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480/
Eyal Estrin, 3:11 AM
Vulnerability in expr-eval JavaScript library can lead to arbitrary code execution (CVE-2025-12735)
https://kb.cert.org/vuls/id/263614 https://www.bleepingcomputer.com/news/security/popular-javascript-
Eyal Estrin, 3:11 AM
AI startups leak sensitive credentials on GitHub, exposing models and training data
https://www.csoonline.com/article/4087983/ai-startups-leak-sensitive-credentials-on-github-exposing-
Eyal Estrin, Nov 11
Two New Web Application Risk Categories Added to OWASP Top 10
https://www.securityweek.com/two-new-web-application-risk-categories-added-to-owasp-top-10/ https://
Eyal Estrin, Nov 8
9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads
https://socket.dev/blog/9-malicious-nuget-packages-deliver-time-delayed-destructive-payloads
Eyal Estrin, Nov 7
HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage
https://www.tenable.com/blog/hackedgpt-novel-ai-vulnerabilities-open-the-door-for-private-data-
Eyal Estrin, Nov 6
400,000 WordPress Sites Affected by Account Takeover Vulnerability in Post SMTP WordPress Plugin
https://www.wordfence.com/blog/2025/11/400000-wordpress-sites-affected-by-account-takeover-
Eyal Estrin, Nov 6
Ransomvibing appears in VS Code extensions
https://secureannex.com/blog/ransomvibe/ Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE, CCSK Blog: https
Eyal Estrin, Nov 5
Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers at Risk
https://jfrog.com/blog/cve-2025-11953-critical-react-native-community-cli-vulnerability/
Eyal Estrin, Nov 4
DPRK’s Playbook: Kimsuky’s HttpTroy and Lazarus’s New BLINDINGCAN Variant
https://www.gendigital.com/blog/insights/research/dprk-kimsuky-lazarus-analysis
Eyal Estrin, Nov 3
Your URL Is Your State
https://alfy.blog/2025/10/31/your-url-is-your-state.html
Eyal Estrin, Nov 1
Everything I know about good API design
https://www.seangoedecke.com/good-api-design/
Eyal Estrin, Nov 1
What Security Teams Need to Know as PHP and IoT Exploits Surge
https://blog.qualys.com/vulnerabilities-threat-research/2025/10/30/what-security-teams-need-to-know-
Eyal Estrin, Oct 30
What Good Software Supply Chain Security Looks Like
https://thenewstack.io/what-good-software-supply-chain-security-looks-like/
Eyal Estrin, Oct 30
Stealing Access Token Secrets from Teams is Hard Unless a Workstation is Compromised
https://office365itpros.com/2025/10/27/local-state-file-teams/
Eyal Estrin, Oct 30
State of AI in Security & Development
https://www.aikido.dev/state-of-ai-security-development-2026
Eyal Estrin, Oct 30
This security hole can crash billions of Chromium browsers, and Google hasn't patched it yet
https://www.theregister.com/2025/10/29/brash_dos_attack_crashes_chromium/ https://github.com/jofpin/
Eyal Estrin, Oct 29
New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves
https://thehackernews.com/2025/10/new-teefail-side-channel-attack.html https://tee.fail/files/paper.
Eyal Estrin, Oct 29
Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know
https://www.microsoft.com/en-us/msrc/blog/2025/10/understanding-cve-2025-55315
Eyal Estrin, Oct 27
Don’t Fire Your Regex Yet: The Hidden Risks of AI-Only WAFs
https://productsecurity.ghost.io/dont-fire-your-regex-yet-the-hidden-risks-of-ai-only-wafs/
Eyal Estrin, Oct 26
Hacking smart TVs via the HbbTV protocol: injecting URLs through unencrypted broadcasts
https://it4sec.substack.com/p/hacking-smart-tvs-via-the-hbbtv-protocol https://repositum.tuwien.at/
Eyal Estrin, Oct 25
Catching Credential Guard Off Guard
https://specterops.io/blog/2025/10/23/catching-credential-guard-off-guard/
Eyal Estrin, Oct 24
Stealing Microsoft Teams access tokens in 2025
https://blog.randorisec.fr/ms-teams-access-tokens/ https://cybersecuritynews.com/microsoft-teams-
Eyal Estrin, Oct 24
Navigating Python’s Dependency System: From Overload to Optimization
https://medium.com/cyberark-engineering/navigating-pythons-dependency-system-from-overload-to-
Eyal Estrin, Oct 24
Too Many Secrets: Attackers Pounce on Sensitive Data Sprawl
https://www.darkreading.com/cyber-risk/too-many-secrets-attackers-sensitive-data-sprawl
Eyal Estrin, Oct 23
Why Organizations Are Abandoning Static Secrets for Managed Identities
https://thehackernews.com/2025/10/why-organizations-are-abandoning-static.html
Eyal Estrin, Oct 23
Malicious NuGet Packages Typosquat Nethereum to Exfiltrate Wallet Keys
https://socket.dev/blog/malicious-nuget-packages-typosquat-nethereum-to-exfiltrate-wallet-keys
Eyal Estrin, Oct 23
From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting
https://blog.gitguardian.com/breaking-mcp-server-hosting/
Eyal Estrin, Oct 23
Beyond credentials: weaponizing OAuth applications for persistent cloud access
https://www.proofpoint.com/us/blog/threat-insight/beyond-credentials-weaponizing-oauth-applications-
Eyal Estrin, Oct 23
TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware
https://edera.dev/stories/tarmageddon