Bad Bot Report 2026: The Internet Is No Longer Human and It’s Changing How...
For decades, companies have operated on a simple assumption that most internet traffic came from people. That assumption no longer holds.
The latest 2026 Bad...
Hacking Safari with GPT 5.4
When Anthropic unveiled Mythos and Project Glasswing, the reaction was immediate and polarized. Some dismissed it as fear-driven marketing, while others treated it as...
Anthropic Mythos: Separating Signal from Hype
The recent buzz around Anthropic’s Mythos model has been intense, and for good reason. Early reports suggest a model that significantly advances automated reasoning over large codebases,...
React2DoS (CVE-2026-23869): When the Flight Protocol Crashes at Takeoff
Executive Summary
In this article, we disclose a new high severity unauthenticated remote denial‑of‑service vulnerability we identified and reported in React Server Components that we’ve...
API Security for AI Agents: Why Protection Has Never Been More Important.
For years, a lot of risky APIs survived simply because they were hard to find. They weren’t documented. Only a handful of engineers knew...
Securing Applications Anywhere: Breaking Down the Wall of Confusion
Application development has changed dramatically. Enterprises now release software faster, operate more digital services, and deploy applications across a mix of public cloud, private...
Why Most DDoS Protection Fails: Solving for Continuity and Resilience
Most organisations assume DDoS (Distributed denial of service) protection is a box they’ve already ticked. If traffic spikes or an attack starts, the thinking...
When your DDoS mitigation provider goes down: Why traffic control can’t be outsourced
Since the headline-grabbing outages of 2021, we’ve had recurring conversations with large enterprises asking some version of the same question.
Do we really want our...
N8N: Shared Credentials and Account Takeover
Executive Summary
We identified a security weakness in n8n’s credential management layer that could have completely compromised the application’s security. This finding highlights the core...
Integrating Advanced API Security with Imperva Gateway Environment
As APIs power the majority of modern web applications, implementing robust API security is no longer optional – it’s a critical necessity for data...
Latest article
CVE-2026-41526
Information published. - Read more
TCLBANKER Malware Targets Users Through Self-Propagating WhatsApp and Outlook Worm Modules
A highly sophisticated Brazilian banking trojan named TCLBANKER, tracked under the campaign REF3076, this malware represents a major update to the older Maverick and...
ShinyHunters Extorts Universities in New Instructure Canvas Hack
ShinyHunters-linked attackers defaced Canvas portals, disrupting finals week access and exposing SaaS security risks for schools.
The post ShinyHunters Extorts Universities in New Instructure Canvas...
Five new holes, one exploited, found in Ivanti Endpoint Manager Mobile
The five new vulnerabilities discovered in Ivanti’s on-premises mobile endpoint management solution are a “classic example of the legacy trap”...
