Technical - Application Security
Eyal Estrin
2:35 AM
Fake install logs in npm packages load RAT
https://www.reversinglabs.com/blog/npm-fake-install-logs-rat Eyal Estrin Author | Cloud Architect |
Eyal Estrin
2:35 AM
Security Analysis and Intel: CVE-2026-33017 Langflow RCE (28.3.2026)
CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours https://www.sysdig.com/
Eyal Estrin
Mar 27
ShadowPrompt: How Any Website Could Have Hijacked Claude's Chrome Extension
https://www.koi.ai/blog/shadowprompt-how-any-website-could-have-hijacked-anthropic-claude-chrome-
Eyal Estrin
Mar 26
SonaType - Making AI Software Development Safe at Machine Scale
https://www.sonatype.com/hubfs/1-2025_Website-Assets/resource_files/Whitepaper-Safe%20AI/Sonatype%
Eyal Estrin
Mar 25
How a Typosquatted Domain and a Fake Version Tag Turned Trivy Into a Credential Stealer
https://rosesecurity.dev/2026/03/20/typosquatting-trivy.html Eyal Estrin Author | Cloud Architect |
Eyal Estrin
Mar 25
Articles about LiteLLM vulnerability (25.3.2026)
Popular litellm Python package is the latest victim of TeamPCP's ongoing supply chain attack
Eyal Estrin
Mar 24
Remote Command Execution in Google Cloud with Single Directory Deletion
https://flatt.tech/research/posts/remote-command-execution-in-google-cloud-with-single-directory-
Eyal Estrin
Mar 21
The Hidden Security Risks in Open-Source Dependencies Nobody Talks About
https://securityboulevard.com/2026/03/the-hidden-security-risks-in-open-source-dependencies-nobody-
Eyal Estrin
Mar 21
When HttpOnly Isn’t Enough: Chaining XSS and GhostScript for Full RCE Compromise
https://securityboulevard.com/2026/03/when-httponly-isnt-enough-chaining-xss-and-ghostscript-for-full
Eyal Estrin
Mar 20
Hacking prison doors remotely, like in movies: vulnerabilities in Net2 ACUs from Paxton
https://it4sec.substack.com/p/hacking-prison-doors-remotely-like https://www.youtube.com/watch?v=
Eyal Estrin
Mar 20
Magento PolyShell: unrestricted file upload in Magento and Adobe Commerce
https://sansec.io/research/magento-polyshell Eyal Estrin Author | Cloud Architect | AWS • Azure • GCP
Eyal Estrin
Mar 20
Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack
https://www.wiz.io/blog/trivy-compromised-teampcp-supply-chain-attack Eyal Estrin Author | Cloud
Eyal Estrin
Mar 20
Sashiko: AI code review system for the Linux kernel spots bugs humans miss
https://www.theregister.com/2026/03/20/sashiko_code_review_linux/ Eyal Estrin Author | Cloud
Eyal Estrin
Mar 20
Android developer verification: Balancing openness and choice with safety
https://android-developers.googleblog.com/2026/03/android-developer-verification.html Eyal Estrin
Eyal Estrin
Mar 19
GitGuardian - The State of Secrets Sprawl 2026
https://www.gitguardian.com/files/the-state-of-secrets-sprawl-report-2026 Eyal Estrin Author | Cloud
Eyal Estrin
Mar 19
From virtio-snd 0-Day to Hypervisor Escape: Exploiting QEMU with an Uncontrolled Heap Overflow
https://osec.io/blog/2026-03-17-virtio-snd-qemu-hypervisor-escape/ Eyal Estrin Author | Cloud
Eyal Estrin
Mar 19
The Collection of Commercial Intelligence: TikTok & Meta Ad Pixels
https://jscrambler.com/blog/beyond-analytics-tiktok-meta-ad-pixels Eyal Estrin Author | Cloud
Eyal Estrin
Mar 19
Weaponizing LSPosed: Remote SMS Injection and Identity Spoofing in Modern Payment Ecosystems
https://www.cloudsek.com/blog/weaponizing-lsposed-remote-sms-injection-and-identity-spoofing-in-
Eyal Estrin
Mar 19
Cheshire Cat Security: WhatsApp View Once Is Completely Broken — And WhatsApp Won’t Fix It
https://medium.com/@TalBeerySec/cheshire-cat-security-whatsapp-view-once-is-completely-broken-and-
Eyal Estrin
Mar 16
The rise of malicious repositories on GitHub
https://rushter.com/blog/github-malware/ Eyal Estrin Author | Cloud Architect | AWS • Azure • GCP
Eyal Estrin
Mar 16
SecuritySnack - CloudFlare Anti-Security For Phishing
https://dti.domaintools.com/securitysnacks/securitysnack-cloudflare-anti-security-for-phishing Eyal
Eyal Estrin
Mar 16
Hijacked at the Source: A Trusted Marketing AppsFlyer’s SDK distributes a Crypto Stealer
https://profero.io/blog/hijacked-at-the-source-a-trusted-marketing-appsflyers-sdk-distributes-a-
Eyal Estrin
Mar 14
Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Hundreds of Repositories
https://www.aikido.dev/blog/glassworm-returns-unicode-attack-github-npm-vscode Eyal Estrin Author |
Eyal Estrin
Mar 14
CrackArmor: Critical AppArmor Flaws Enable Local Privilege Escalation to Root
https://blog.qualys.com/vulnerabilities-threat-research/2026/03/12/crackarmor-critical-apparmor-flaws
Eyal Estrin
Mar 12
Overly permissive ‘guest’ settings put Salesforce customers at risk
https://www.csoonline.com/article/4143667/overly-permissive-guest-settings-put-salesforce-customers-
Eyal Estrin
Mar 12
Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework
https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities/ Eyal Estrin Author |
Eyal Estrin
Mar 12
The Return of PhantomRaven: Detecting Three New Waves of npm Supply Chain Attacks
https://www.endorlabs.com/learn/return-of-phantomraven Eyal Estrin Author | Cloud Architect | AWS •
Eyal Estrin
Mar 12
Zero Click Unauthenticated RCE in n8n: A Contact Form That Executes Shell Commands
https://www.pillar.security/blog/zero-click-unauthenticated-rce-in-n8n-a-contact-form-that-executes-
Eyal Estrin
Mar 5
Your API Is a Hacker’s Favorite Target — Here’s How to Secure It Before It’s Too Late
https://medium.com/@sreenath.macha/your-api-is-a-hackers-favorite-target-here-s-how-to-secure-it-
Eyal Estrin
Mar 5
N8N: Shared Credentials and Account Takeover
https://www.imperva.com/blog/n8n-shared-credentials-and-account-takeover/ Eyal Estrin Author | Cloud