Cloud & Application Security
Malicious Chrome extensions turn OAuth tokens into enterprise risk
Malicious Chrome extensions turn OAuth tokens into enterprise risk A newly reported cluster of malicious Chrome Web Store extensions is a useful warning for def...
Lucas Oliveira
Research
CVE-2026-39987 puts exposed Marimo notebooks on a fast credential-theft path
CVE-2026-39987 puts exposed Marimo notebooks on a fast credential-theft path CVE-2026-39987 is a sharp reminder that smaller developer and data-science platform...
Lucas Oliveira
Research
CVE-2026-33017: Langflow RCE Hits Exposed AI Pipelines
CVE-2026-33017: Langflow RCE Hits Exposed AI Pipelines | 2026 CVE-2026-33017 is a critical Langflow flaw that turns a public-flow convenience feature into unaut...
Lucas Oliveira
Research
Critical n8n Flaws Enable RCE and Credential Exposure
Critical n8n flaws enable RCE and credential exposure | 2026 Executive Summary Two critical n8n flaws disclosed in March 2026 significantly raise risk for both...
Lucas Oliveira
Research
SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
SolarWinds Web Help Desk: Five Critical Vulnerabilities, Patch Bypass History, and the Most Dangerous IT Service Management Flaw of 2026 Executive Summary On Ja...
Lucas Oliveira
Research
MaliciousCorgi: VSCode Supply Chain Attack on 1.5M Devs | 2026
Executive Summary Since January 2026, the sophisticated MaliciousCorgi supply chain attack has weaponized two malicious AI coding assistants on the official VSC...
Lucas Oliveira
Research
The July 2025 Zero-Day Storm: SharePoint and CrushFTP Under Active Attack
🛡️ The July 2025 Zero-Day Storm: SharePoint and CrushFTP Under Active Attack The cybersecurity landscape was rocked in July 2025 by two major[ zero-day](/resou...
Lucas Oliveira
Research