Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake
Security teams need high-quality, labeled datasets to train threat hunters and incident responders, validate detection logic, and develop robust analytic models. EvidenceForge helps teams overcome the limitations of anonymized or...
CVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can...
Information published.
Mytheresa – 84,108 breached accounts
In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the...
Delta Electronics DIAView Patch Bypass
There is a mitigation bypass (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access). An unauthenticated remote attacker can access...
Welcoming the AWS Customer Incident Response Team
May 26, 2026: This post was originally published in July 2022. It has been updated to reflect current engagement options, new threat intelligence...
Multiple Angular Language Service Extension Vulnerabilities Enable RCE Attacks
A set of high-severity vulnerabilities has been identified in the Angular Language Service Visual Studio Code extension (Angular.ng-template), potentially exposing developers to remote code...
Well-architected best practices for software supply chain security
There have been multiple notable supply chain attacks using the npm Registry since September: Shai-Hulud, Chalk/Debug, one abusing tea.xyz tokens, and recently axios. Thanks...
Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception
Almost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators deliberately avoid domestic targets.
GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos
A large-scale automated GitHub backdooring campaign was caught pushing thousands of malicious commits into public repositories while posing as routine...
CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CWE added. Informational change only.









