Groups
Groups
Sign in
Groups
Groups
Technical - Application Security
Conversations
About
Send feedback
Help
Group path
Technical - Application Security
Contact owners and managers
1–30 of 4783
Mark all as read
Report group
0 selected
Eyal Estrin
2:32 PM
Squidbleed (CVE-2026-47729)
https://blog.calif.io/p/squidbleed-cve-2026-47729 Eyal Estrin Author | Cloud Architect | AWS • Azure
unread,
Squidbleed (CVE-2026-47729)
https://blog.calif.io/p/squidbleed-cve-2026-47729 Eyal Estrin Author | Cloud Architect | AWS • Azure
2:32 PM
Eyal Estrin
Jun 21
Mapping out your unknown: A threat hunter’s guide to Salesforce
https://securitylabs.datadoghq.com/articles/mapping-out-your-unknown-threat-hunters-guide-to-
unread,
Mapping out your unknown: A threat hunter’s guide to Salesforce
https://securitylabs.datadoghq.com/articles/mapping-out-your-unknown-threat-hunters-guide-to-
Jun 21
Eyal Estrin
Jun 21
Introducing usbliter8 - An A12/A13 SecureROM exploit
https://ps.tc/pages/blog-usbliter8.html https://github.com/prdgmshift/usbliter8 Eyal Estrin Author |
unread,
Introducing usbliter8 - An A12/A13 SecureROM exploit
https://ps.tc/pages/blog-usbliter8.html https://github.com/prdgmshift/usbliter8 Eyal Estrin Author |
Jun 21
Eyal Estrin
Jun 20
Your GitHub Actions Secrets Are One Pull Request Away From Leaking
https://medium.com/kotaicode/your-github-actions-secrets-are-one-pull-request-away-from-leaking-
unread,
Your GitHub Actions Secrets Are One Pull Request Away From Leaking
https://medium.com/kotaicode/your-github-actions-secrets-are-one-pull-request-away-from-leaking-
Jun 20
Eyal Estrin
Jun 20
One Fake Bug Report Hijacked a $250 Billion Company’s AI Agent – Then 100+ More
https://tenetsecurity.ai/blog/agentjacking-coding-agents-with-fake-sentry-errors/ Eyal Estrin Author
unread,
One Fake Bug Report Hijacked a $250 Billion Company’s AI Agent – Then 100+ More
https://tenetsecurity.ai/blog/agentjacking-coding-agents-with-fake-sentry-errors/ Eyal Estrin Author
Jun 20
Eyal Estrin
Jun 20
I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID
https://bobdahacker.com/blog/fifa-hack Eyal Estrin Author | Cloud Architect | AWS • Azure • GCP
unread,
I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID
https://bobdahacker.com/blog/fifa-hack Eyal Estrin Author | Cloud Architect | AWS • Azure • GCP
Jun 20
Eyal Estrin
Jun 18
From package to postinstall payload: Inside the Mastra npm supply chain compromise
https://www.microsoft.com/en-us/security/blog/2026/06/17/postinstall-payload-inside-mastra-npm-supply
unread,
From package to postinstall payload: Inside the Mastra npm supply chain compromise
https://www.microsoft.com/en-us/security/blog/2026/06/17/postinstall-payload-inside-mastra-npm-supply
Jun 18
Eyal Estrin
Jun 18
Microsoft Leads a New Era of Software Supply Chain Transparency
https://techcommunity.microsoft.com/blog/microsoft-security-blog/microsoft-leads-a-new-era-of-
unread,
Microsoft Leads a New Era of Software Supply Chain Transparency
https://techcommunity.microsoft.com/blog/microsoft-security-blog/microsoft-leads-a-new-era-of-
Jun 18
Eyal Estrin
Jun 18
144 Mastra npm Packages Compromised via Supply Chain Attack
https://orca.security/resources/blog/mastra-npm-supply-chain-attack/ Eyal Estrin Author | Cloud
unread,
144 Mastra npm Packages Compromised via Supply Chain Attack
https://orca.security/resources/blog/mastra-npm-supply-chain-attack/ Eyal Estrin Author | Cloud
Jun 18
Eyal Estrin
Jun 17
Multiple JetBrains IDE plugins caught stealing AI keys
https://www.aikido.dev/blog/multiple-jetbrains-ide-plugins-caught-stealing-ai-keys Eyal Estrin Author
unread,
Multiple JetBrains IDE plugins caught stealing AI keys
https://www.aikido.dev/blog/multiple-jetbrains-ide-plugins-caught-stealing-ai-keys Eyal Estrin Author
Jun 17
Eyal Estrin
Jun 17
Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE
https://unit42.paloaltonetworks.com/hijacking-vertex-ai-model/ Eyal Estrin Author | Cloud Architect |
unread,
Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE
https://unit42.paloaltonetworks.com/hijacking-vertex-ai-model/ Eyal Estrin Author | Cloud Architect |
Jun 17
Eyal Estrin
Jun 13
ServiceNow unauthenticated API vulnerability update on KB3067321 investigations
ServiceNow says security researchers, not hackers, accessed data https://www.scworld.com/news/
unread,
ServiceNow unauthenticated API vulnerability update on KB3067321 investigations
ServiceNow says security researchers, not hackers, accessed data https://www.scworld.com/news/
Jun 13
Eyal Estrin
Jun 13
How You Actually Secure Systems: Using OWASP and NIST Together
https://securityboulevard.com/2026/06/how-you-actually-secure-systems-using-owasp-and-nist-together/
unread,
How You Actually Secure Systems: Using OWASP and NIST Together
https://securityboulevard.com/2026/06/how-you-actually-secure-systems-using-owasp-and-nist-together/
Jun 13
Eyal Estrin
Jun 13
A Fake Bug Report Hijacks Your AI Coding Agent – and Nothing Catches It
https://tenetsecurity.ai/blog/agentjacking-coding-agents-with-fake-sentry-errors/ Eyal Estrin Author
unread,
A Fake Bug Report Hijacks Your AI Coding Agent – and Nothing Catches It
https://tenetsecurity.ai/blog/agentjacking-coding-agents-with-fake-sentry-errors/ Eyal Estrin Author
Jun 13
Eyal Estrin
Jun 12
The Worm in the Supply Chain: How Defender for Endpoint and Sentinel for SAP BTP Caught Shai-Hulud
https://techcommunity.microsoft.com/blog/microsoftsentinelblog/the-worm-in-the-supply-chain-how-
unread,
The Worm in the Supply Chain: How Defender for Endpoint and Sentinel for SAP BTP Caught Shai-Hulud
https://techcommunity.microsoft.com/blog/microsoftsentinelblog/the-worm-in-the-supply-chain-how-
Jun 12
Eyal Estrin
Jun 12
Compromise OpenClaw with Prompt Injections in Message Objects
https://www.imperva.com/blog/compromise-openclaw-with-prompt-injections-in-message-objects/ Eyal
unread,
Compromise OpenClaw with Prompt Injections in Message Objects
https://www.imperva.com/blog/compromise-openclaw-with-prompt-injections-in-message-objects/ Eyal
Jun 12
Eyal Estrin
Jun 12
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
https://thehackernews.com/2026/06/github-to-disable-npm-install-scripts.html https://github.com/orgs/
unread,
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
https://thehackernews.com/2026/06/github-to-disable-npm-install-scripts.html https://github.com/orgs/
Jun 12
Eyal Estrin
Jun 12
FROST: Fingerprinting Remotely using OPFS-based SSD Timing
https://hannesweissteiner.com/pdfs/frost.pdf Eyal Estrin Author | Cloud Architect | AWS • Azure • GCP
unread,
FROST: Fingerprinting Remotely using OPFS-based SSD Timing
https://hannesweissteiner.com/pdfs/frost.pdf Eyal Estrin Author | Cloud Architect | AWS • Azure • GCP
Jun 12
Eyal Estrin
Jun 11
Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels
https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-worms-target-bioinformatics-and-mcp-
unread,
Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels
https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-worms-target-bioinformatics-and-mcp-
Jun 11
Eyal Estrin
Jun 9
Critical Security Advisory LiteLLM Remote Code Execution CVE-2026-42271 and CVE-2026-48710 Threat Intelligence Alert
CVE-2026-42271 Chained with CVE-2026-48710 https://horizon3.ai/attack-research/vulnerabilities/cve-
unread,
Critical Security Advisory LiteLLM Remote Code Execution CVE-2026-42271 and CVE-2026-48710 Threat Intelligence Alert
CVE-2026-42271 Chained with CVE-2026-48710 https://horizon3.ai/attack-research/vulnerabilities/cve-
Jun 9
Eyal Estrin
Jun 9
Cyera Research Uncovers Six Protobuf.js Vulnerabilities Impacting the Backbone of Data and AI Systems
https://www.cyera.com/blog/cyera-research-uncovers-six-protobuf-js-vulnerabilities-impacting-the-
unread,
Cyera Research Uncovers Six Protobuf.js Vulnerabilities Impacting the Backbone of Data and AI Systems
https://www.cyera.com/blog/cyera-research-uncovers-six-protobuf-js-vulnerabilities-impacting-the-
Jun 9
Eyal Estrin
Jun 9
For the 2nd time in weeks, Microsoft packages laced with credential stealer
https://arstechnica.com/security/2026/06/for-the-2nd-time-in-weeks-microsoft-packages-laced-with-
unread,
For the 2nd time in weeks, Microsoft packages laced with credential stealer
https://arstechnica.com/security/2026/06/for-the-2nd-time-in-weeks-microsoft-packages-laced-with-
Jun 9
Eyal Estrin
Jun 7
Detecting Claude Cowork Insider Threat Activity
https://www.dtex.ai/resources/i%C2%B3-threat-advisory-detecting-claude-cowork-insider-threat-activity
unread,
Detecting Claude Cowork Insider Threat Activity
https://www.dtex.ai/resources/i%C2%B3-threat-advisory-detecting-claude-cowork-insider-threat-activity
Jun 7
Eyal Estrin
Jun 7
Meta confirms thousands of Instagram accounts were hacked by abusing its AI chatbot
https://this.weekinsecurity.com/meta-confirms-thousands-of-instagram-accounts-were-hacked-by-abusing-
unread,
Meta confirms thousands of Instagram accounts were hacked by abusing its AI chatbot
https://this.weekinsecurity.com/meta-confirms-thousands-of-instagram-accounts-were-hacked-by-abusing-
Jun 7
Eyal Estrin
Jun 6
Why writing software has become dangerous today
https://www.scworld.com/perspective/why-writing-software-has-become-dangerous-today Eyal Estrin
unread,
Why writing software has become dangerous today
https://www.scworld.com/perspective/why-writing-software-has-become-dangerous-today Eyal Estrin
Jun 6
Eyal Estrin
Jun 6
Securing CI/CD in an agentic world: Claude Code Github action case
https://www.microsoft.com/en-us/security/blog/2026/06/05/securing-ci-cd-in-agentic-world-claude-code-
unread,
Securing CI/CD in an agentic world: Claude Code Github action case
https://www.microsoft.com/en-us/security/blog/2026/06/05/securing-ci-cd-in-agentic-world-claude-code-
Jun 6
Eyal Estrin
Jun 5
Unauthenticated Remote Code Execution in HuggingFace Transformers via Config Injection
https://pluto.security/blog/unauthenticated-remote-code-execution-in-huggingface-transformers-via-
unread,
Unauthenticated Remote Code Execution in HuggingFace Transformers via Config Injection
https://pluto.security/blog/unauthenticated-remote-code-execution-in-huggingface-transformers-via-
Jun 5
Eyal Estrin
Jun 5
Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
https://www.microsoft.com/en-us/security/blog/2026/06/02/preinstall-persistence-inside-red-hat-npm-
unread,
Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
https://www.microsoft.com/en-us/security/blog/2026/06/02/preinstall-persistence-inside-red-hat-npm-
Jun 5
Eyal Estrin
Jun 4
Pointing a Cursor at evading detection
https://www.sophos.com/en-us/blog/pointing-a-cursor-at-evading-detection Eyal Estrin Author | Cloud
unread,
Pointing a Cursor at evading detection
https://www.sophos.com/en-us/blog/pointing-a-cursor-at-evading-detection Eyal Estrin Author | Cloud
Jun 4
Eyal Estrin
Jun 4
1-Click GitHub Token Stealing via a VSCode Bug
https://blog.ammaraskar.com/github-token-stealing/ Eyal Estrin Author | Cloud Architect | AWS • Azure
unread,
1-Click GitHub Token Stealing via a VSCode Bug
https://blog.ammaraskar.com/github-token-stealing/ Eyal Estrin Author | Cloud Architect | AWS • Azure
Jun 4
