Learn how attackers hide malware inside WAV audio files using steganography, based on the real-world TeamPCP supply chain campaign.

Today, we woke up with a nagging feeling: what if Citrix had, in fact, patched multiple Memory Overread vulnerabilities as part of CVE-2026-3055?

While we've been using our analysis from Part 1 (please read it first, as this post will be brief) to accurately…

AI middleware shouldn’t be a data drain. Cyera uncovers 3 critical LangChain vulnerabilities. See the research and learn how to patch your AI stack now.

Supply chain attacks cascade through ecosystems in ways traditional metrics hardly capture. GitGuardian evaluates the PCP Team incidents and finds damage spread to thousands of public targets.

Collaborative threat intelligence note-taking platform

Postural manipulation as a new attack class. Empirical record across four frontier models, propagation findings, six-layer defensive architecture. AG Davidson, 2026.

Break your AI agents before someone else does. Security scanning for system prompts, MCP servers, and AI coding agents.

A Claude Code Agent Dashboard

BeyondTrust Phantom Labs disclosed a critical command injection vulnerability in OpenAI Codex that allowed attackers to steal GitHub OAuth tokens through unsanitized branch names. The flaw affected ChatGPT, Codex CLI, SDK, and IDE extensions, and could scale…

Containers, VMs, and serverless were built for code you wrote. Agents write their own.

Axios NPM packages v1.14.1 and v0.30.4 compromised. Malicious plain-crypto-js@4.2.1 dependency injected. Full technical breakdown

A team of cybersecurity students from the University of North Georgia vanquished seven opposing teams from other senior military colleges and elite service

How pwn.ai turned a routine client pentest into multiple ImageMagick exploits. By autonomously researching the product’s internals for days, it found a path from a single image upload to file leaks, security policy bypasses, and remote code execution across…

If you think you’ve blocked NTLMv1 in your organization, think again. Silverfort’s research team recently discovered that attackers bypass the Group Policy designed to disable NTLMv1…

To our knowledge, this is the first remote kernel exploit both discovered and exploited by an AI.

Today we announce HTPBE Quantum — our breakthrough product that verifies PDF authenticity up to 72 hours before the document is created. Using quantum m...

This paper introduces Authority Encoding Risk (AER), a structural actuarial variable designed to quantify ambiguity in decision authority within AI-influenced e