NGINX Rift: Eighteen Years in Plain Sight
An 18-year-old heap overflow in NGINX's rewrite engine is now under active exploitation. Patches exist, but attackers moved faster than most organizations can respond.
vulnerabilities
AI-Generated Code Is Already Running Critical Infrastructure: Can AppSec Keep Up?
Traditional security tools were designed when code changes were measured in hundreds of lines per sprint and development cycles lasted weeks. Today, AI accelerates code production to thousands of lines daily with fundamentally different patterns than human-written code.
Default Configurations, Dangerous Defaults, and ServiceNow's AI Agent Discovery
New research highlights the gap between how technology is designed to work and how it's actually safely operated.
AI-Powered Espionage Disclosure: Industry Questions Value of Anthropic's Postmortem
Anthropic's disclosure lacked important elements, which explains the professional criticism that erupted despite the potmortem's potential significance. And while the post is marketing for Anthropic, it also provides strategic threat context for security executives.
Invisible Gateways: The Hidden IoT Security Risk Threatening Organizations
Connected devices are changing how we work—but they’re also opening invisible gateways for attackers. In this article, Phillip Wylie breaks down how IoT vulnerabilities are being exploited and what organizations can do to close these unseen entry points.
F5 CEO Provides Update on Status of Nation-State Intrusion
The breach has triggered a reckoning with security blind spots that extend far beyond one company's network.
Reflections on the CVSS Keynote
Go talk to some VM teams, and you, too, will see what I see.
The Salesloft Drift Breach Expose Critical Flaws in OAuth Implementations
For enterprise security teams already struggling with SaaS sprawl and third-party risk management, the Drift breach is a reminder that OAuth tokens—designed to enhance security by eliminating password sharing—are high-value targets.
Bolster Defense-in-Depth Strategies as Collaboration Platforms Face Escalating Threats
It’s their necessity for such accessibility that makes secure configuration especially challenging—and when a zero-day vulnerability emerges, the damage can be swift.
Real-World Penetration Testing Case Study | Red Team Lessons
How red teamers exploited a Jenkins flaw to take full control of a corporate network. Learn key lessons for enterprise defenders.