SimpleHelp CVE-2026-48558 exploitation turns RMM into a credential-theft path SimpleHelp has moved from patched vulnerability to active intrusion path. Attacker...
Lucas Oliveira
Research
Mastra npm compromise turns AI agent builds into credential-theft risk The Mastra npm incident is a sharp warning for teams building AI agents: dependency compr...
Lucas Oliveira
Research
Red Hat npm compromise proves provenance alone is not enough Red Hat has confirmed that multiple packages published under the @redhat-cloud-services npm namespa...
Lucas Oliveira
Research
One-Click github.dev Attack Lets Malicious Repos Steal Full GitHub Tokens | 2026 Executive Summary Security researcher Ammar Askar disclosed a one-click attack...
Lucas Oliveira
Research
LLMShare Turns Trusted AI Domains Into Malware Delivery Infrastructure | 2026 Executive Summary Push Security disclosed a live campaign it tracks as LLMShare, w...
Lucas Oliveira
Research
FortiClient EMS exploit turns endpoint management into credential theft at scale CVE-2026-35616 matters because it breaks a security assumption many teams quiet...
Lucas Oliveira
Research
GlassWorm takedown shows how developer malware becomes supply-chain risk Executive Summary The coordinated disruption of GlassWorm on May 26, 2026 is useful bec...
Lucas Oliveira
Research
GitHub Action tag hijack turns CI/CD runs into credential theft A fresh GitHub Actions supply chain incident is a good reminder that "pinned" does not mean safe...
Lucas Oliveira
Research
CVE-2026-20182 makes Cisco SD-WAN controllers an urgent KEV priority CVE-2026-20182 is not landing as a routine patch bulletin. Cisco says the flaw is already b...
Lucas Oliveira
Research
LiteLLM SQL injection flaw puts AI gateways on the front line CVE-2026-42208 matters because it turns an AI gateway into a high-value choke point for attackers....
Lucas Oliveira
Research
PyTorch Lightning supply-chain compromise puts AI developer credentials at risk The most dangerous supply-chain incidents are not always the ones that hit opera...
Lucas Oliveira
Research
Bitwarden CLI npm compromise exposes CI/CD credential risk A brief compromise of the Bitwarden CLI npm distribution is still a high-priority defender story beca...
Lucas Oliveira
Research