The AISLE analyzer discovered a high-severity vulnerability that enables SQL injection in OpenSIPS, a pillar of global communications used by over ...

Foreword

Documentation for APM — a professional-grade, zero-knowledge CLI password manager.

WordPress plugin "Profile Builder Pro" (versions before 3.14.5) is susceptible to Unauthenticated PHP Object Injection. In this blog post, we discuss how we discovered and exploited the vulnerability using a novel POP chain, how AI helped in the process,…

Three more bypasses in Roundcube's HTML sanitizer: SMIL animation attributes load remote resources, unquoted body backgrounds enable CSS injection, and position:fixed !important enables phishing overlays.

CVE-2026-33155 - 40 Bytes to Chaos - Read the latest insights from Periphery on securing AI hardware, embedded systems, and critical infrastructure.

Learn how to use nono learn, policy, and profile commands to build production-ready sandbox profiles for AI agents like Claude Code.

Runtime AI security across network, host, and application layers. 1,000+ threat signatures with 100% local processing — zero data leaves your environment.

A long, long time ago, in a land free of binary exploit mitigations, when Unix still roamed the Earth, there lived a pre-authentication Telnetd vulnerability.

In fact, this vulnerability was born so long ago (way back in 1994) that it may even be older than…

Free, offline-first GRC engine. Generate gap analysis for ISO 27001, NIST CSF 2.0, and CIS v8 instantly.

Posted by Consistent-Ruin1868 - 0 votes and 1 comment

Eight outlets reported signs of LLM-assisted code in the DarkSword iOS exploit kit. None wrote the standalone analysis. This is that piece. A deep dive into Lookout's findings, prior art, and what it means for mobile threat landscape.

A high-severity configuration loading order defect (`CVE-2026-33068`, CVSS v4.0 7.7 HIGH) in Anthropic's Claude Code CLI tool allows a malicious repository to bypass the workspace trust confirmation dialog.

Break your AI agents before someone else does. Security scanning for system prompts, MCP servers, and AI coding agents.

Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.

A critical security control bypass in the ONNX (Open Neural Network Exchange) Python library allows the `onnx.hub.load()` function's `silent=True` parameter to suppress all trust verification warnings and user confirmation prompts, enabling silent loading…

RAXE Research Radar Issue #2: 7 papers reviewed. The agent skill supply chain is broken — and automated scanners cannot tell you how.

Attackers compromised the upstream distribution mechanism for EmEditor, a widely used Windows text editor. Instead of delivering malware through phishing or...