Groups

Technical - Application Security

Contact owners and managers

1–30 of 4601

0 selected

Feb 7

Managing Software Supply Chain Security for the AI Era

https://www.veracode.com/blog/managing-software-supply-chain-security-ai Eyal Estrin Author | Cloud

unread,

Managing Software Supply Chain Security for the AI Era

https://www.veracode.com/blog/managing-software-supply-chain-security-ai Eyal Estrin Author | Cloud

Feb 7

Feb 7

Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise

https://socket.dev/blog/malicious-dydx-packages-published-to-npm-and-pypi Eyal Estrin Author | Cloud

unread,

Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise

https://socket.dev/blog/malicious-dydx-packages-published-to-npm-and-pypi Eyal Estrin Author | Cloud

Feb 7

Feb 5

Malicious Chrome Extension Performs Hidden Affiliate Hijacking

https://socket.dev/blog/malicious-chrome-extension-performs-hidden-affiliate-hijacking Eyal Estrin

unread,

Malicious Chrome Extension Performs Hidden Affiliate Hijacking

https://socket.dev/blog/malicious-chrome-extension-performs-hidden-affiliate-hijacking Eyal Estrin

Feb 5

Feb 5

n8n Sandbox Escape: Critical Vulnerabilities in n8n Exposes Hundreds of Thousands of Enterprise AI Systems to Complete Takeover

https://www.pillar.security/blog/n8n-sandbox-escape-critical-vulnerabilities-in-n8n-exposes-hundreds-

unread,

n8n Sandbox Escape: Critical Vulnerabilities in n8n Exposes Hundreds of Thousands of Enterprise AI Systems to Complete Takeover

https://www.pillar.security/blog/n8n-sandbox-escape-critical-vulnerabilities-in-n8n-exposes-hundreds-

Feb 5

Feb 5

Web Traffic Hijacking: When Your Nginx Configuration Turns Malicious

https://securitylabs.datadoghq.com/articles/web-traffic-hijacking-nginx-configuration-malicious/ Eyal

unread,

Web Traffic Hijacking: When Your Nginx Configuration Turns Malicious

https://securitylabs.datadoghq.com/articles/web-traffic-hijacking-nginx-configuration-malicious/ Eyal

Feb 5

Feb 5

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

https://orca.security/resources/blog/hacking-github-codespaces-rce-supply-chain-attack/ Eyal Estrin

unread,

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

https://orca.security/resources/blog/hacking-github-codespaces-rce-supply-chain-attack/ Eyal Estrin

Feb 5

Feb 5

Critical RCE in vLLM Allows Server Takeover via Malicious Video URL (CVE-2026-22778)

https://orca.security/resources/blog/cve-2026-22778-vllm-rce-vulnerability/ Eyal Estrin Author |

unread,

Critical RCE in vLLM Allows Server Takeover via Malicious Video URL (CVE-2026-22778)

https://orca.security/resources/blog/cve-2026-22778-vllm-rce-vulnerability/ Eyal Estrin Author |

Feb 5

Feb 4

DockerDash: Two Attack Paths, One AI Supply Chain Crisis

https://noma.security/blog/dockerdash-two-attack-paths-one-ai-supply-chain-crisis/ Eyal Estrin Author

unread,

DockerDash: Two Attack Paths, One AI Supply Chain Crisis

https://noma.security/blog/dockerdash-two-attack-paths-one-ai-supply-chain-crisis/ Eyal Estrin Author

Feb 4

Feb 3

Hacking Moltbook: The AI Social Network Any Human Can Control

https://www.wiz.io/blog/exposed-moltbook-database-reveals-millions-of-api-keys Eyal Estrin Author |

unread,

Hacking Moltbook: The AI Social Network Any Human Can Control

https://www.wiz.io/blog/exposed-moltbook-database-reveals-millions-of-api-keys Eyal Estrin Author |

Feb 3

Feb 1

Researcher reveals evidence of private Instagram profiles leaking photos

https://www.bleepingcomputer.com/news/security/researcher-reveals-evidence-of-private-instagram-

unread,

Researcher reveals evidence of private Instagram profiles leaking photos

https://www.bleepingcomputer.com/news/security/researcher-reveals-evidence-of-private-instagram-

Feb 1

Feb 1

OpenClaw scored 2/100 on Zeroleaks

https://zeroleaks.ai/reports/openclaw-analysis.pdf Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE, CCSK

unread,

OpenClaw scored 2/100 on Zeroleaks

https://zeroleaks.ai/reports/openclaw-analysis.pdf Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE, CCSK

Feb 1

Feb 1

Critical sandbox escape flaw found in popular vm2 NodeJS library (CVE-2026-22709)

https://www.bleepingcomputer.com/news/security/critical-sandbox-escape-flaw-discovered-in-popular-vm2

unread,

Critical sandbox escape flaw found in popular vm2 NodeJS library (CVE-2026-22709)

https://www.bleepingcomputer.com/news/security/critical-sandbox-escape-flaw-discovered-in-popular-vm2

Feb 1

Jan 30

Malicious PyPI Packages spellcheckpy and spellcheckerpy Deliver Python RAT

https://www.aikido.dev/blog/malicious-pypi-packages-spellcheckpy-and-spellcheckerpy-deliver-python-

unread,

Malicious PyPI Packages spellcheckpy and spellcheckerpy Deliver Python RAT

https://www.aikido.dev/blog/malicious-pypi-packages-spellcheckpy-and-spellcheckerpy-deliver-python-

Jan 30

Jan 29

The top 5 sources of secret sprawl, and how attackers exploit them

https://www.hashicorp.com/en/blog/the-top-5-sources-of-secret-sprawl-and-how-attackers-exploit-them

unread,

The top 5 sources of secret sprawl, and how attackers exploit them

https://www.hashicorp.com/en/blog/the-top-5-sources-of-secret-sprawl-and-how-attackers-exploit-them

Jan 29

Jan 29

Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission

https://grahamhelton.com/blog/nodes-proxy-rce Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE, CCSK Blog:

unread,

Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission

https://grahamhelton.com/blog/nodes-proxy-rce Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE, CCSK Blog:

Jan 29

Jan 29

A security checklist for your React and Next.js apps

https://thenewstack.io/a-security-checklist-for-your-react-and-next-js-apps/ Eyal Estrin CISSP, CCSP,

unread,

A security checklist for your React and Next.js apps

https://thenewstack.io/a-security-checklist-for-your-react-and-next-js-apps/ Eyal Estrin CISSP, CCSP,

Jan 29

Jan 28

A Scammer Sent Me His Source Code? A Cautionary Tale of the Dangers of Vibe Coding

https://blog.enterprisemanagement.com/a-scammer-sent-me-his-source-code-a-cautionary-tale-of-the-

unread,

A Scammer Sent Me His Source Code? A Cautionary Tale of the Dangers of Vibe Coding

https://blog.enterprisemanagement.com/a-scammer-sent-me-his-source-code-a-cautionary-tale-of-the-

Jan 28

Jan 28

PackageGate: 6 Zero-Days in JS Package Managers But NPM Won't Act

https://www.koi.ai/blog/packagegate-6-zero-days-in-js-package-managers-but-npm-wont-act Eyal Estrin

unread,

PackageGate: 6 Zero-Days in JS Package Managers But NPM Won't Act

https://www.koi.ai/blog/packagegate-6-zero-days-in-js-package-managers-but-npm-wont-act Eyal Estrin

Jan 28

Jan 28

How to Implement AI Code Generation Securely in Your SDLC

https://www.veracode.com/blog/implement-ai-code-generation-securely/ Eyal Estrin CISSP, CCSP, CISM,

unread,

How to Implement AI Code Generation Securely in Your SDLC

https://www.veracode.com/blog/implement-ai-code-generation-securely/ Eyal Estrin CISSP, CCSP, CISM,

Jan 28

Jan 25

Private Links, Public Leaks: Consequences of Frictionless User Experience on the Security and Privacy Posture of SMS-Delivered URLs

https://arxiv.org/pdf/2601.09232 Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE, CCSK Blog: https://

unread,

Private Links, Public Leaks: Consequences of Frictionless User Experience on the Security and Privacy Posture of SMS-Delivered URLs

https://arxiv.org/pdf/2601.09232 Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE, CCSK Blog: https://

Jan 25

Jan 24

The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time

https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/ Eyal Estrin CISSP,

unread,

The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time

https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/ Eyal Estrin CISSP,

Jan 24

Jan 23

Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass)

https://labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-

unread,

Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass)

https://labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-

Jan 23

Jan 22

When the Lab Door Stays Open: Exposed Training Apps Exploited for Fortune 500 Cloud Breaches

https://pentera.io/blog/exposed-cloud-training-apps-pentera-labs/ Eyal Estrin CISSP, CCSP, CISM, CISA

unread,

When the Lab Door Stays Open: Exposed Training Apps Exploited for Fortune 500 Cloud Breaches

https://pentera.io/blog/exposed-cloud-training-apps-pentera-labs/ Eyal Estrin CISSP, CCSP, CISM, CISA

Jan 22

Jan 22

Pwn2Own Automotive 2026 - Day One Results

https://www.zerodayinitiative.com/blog/2026/1/21/pwn2own-automotive-2026-day-one-results Eyal Estrin

unread,

Pwn2Own Automotive 2026 - Day One Results

https://www.zerodayinitiative.com/blog/2026/1/21/pwn2own-automotive-2026-day-one-results Eyal Estrin

Jan 22

Jan 22

How to Align Your DevSecOps Framework with Software Supply Chain Security

https://www.veracode.com/blog/devsecops-framework-software-supply-chain-security/ Eyal Estrin CISSP,

unread,

How to Align Your DevSecOps Framework with Software Supply Chain Security

https://www.veracode.com/blog/devsecops-framework-software-supply-chain-security/ Eyal Estrin CISSP,

Jan 22

Jan 21

Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK

https://ysamm.com/uncategorized/2026/01/17/math-random-facebook-sdk.html Eyal Estrin CISSP, CCSP,

unread,

Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK

https://ysamm.com/uncategorized/2026/01/17/math-random-facebook-sdk.html Eyal Estrin CISSP, CCSP,

Jan 21

Jan 20

How we mitigated a vulnerability in Cloudflare’s ACME validation logic

https://blog.cloudflare.com/acme-path-vulnerability/ Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE, CCSK

unread,

How we mitigated a vulnerability in Cloudflare’s ACME validation logic

https://blog.cloudflare.com/acme-path-vulnerability/ Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE, CCSK

Jan 20

Jan 19

CISA’s secure-software buying tool had a simple XSS vulnerability of its own

https://cyberscoop.com/cisa-secure-software-buying-tool-had-a-simple-xss-vulnerability-of-its-own/

unread,

CISA’s secure-software buying tool had a simple XSS vulnerability of its own

https://cyberscoop.com/cisa-secure-software-buying-tool-had-a-simple-xss-vulnerability-of-its-own/

Jan 19

Jan 18

StackWarp: Breaking AMD SEV-SNP Integrity via Deterministic Stack-Pointer Manipulation through the CPU’s Stack Engine

https://stackwarpattack.com/stackwarp_usenix26.pdf https://www.amd.com/en/resources/product-security/

unread,

StackWarp: Breaking AMD SEV-SNP Integrity via Deterministic Stack-Pointer Manipulation through the CPU’s Stack Engine

https://stackwarpattack.com/stackwarp_usenix26.pdf https://www.amd.com/en/resources/product-security/

Jan 18

Jan 17

Modular DS bug hands hackers instant WordPress admin access (CVE-2026-23550)

https://www.csoonline.com/article/4118066/modular-ds-bug-hands-hackers-instant-wordpress-admin-access

unread,

Modular DS bug hands hackers instant WordPress admin access (CVE-2026-23550)

https://www.csoonline.com/article/4118066/modular-ds-bug-hands-hackers-instant-wordpress-admin-access

Jan 17

Search

Clear search

Close search

Google apps

Main menu