RoguePilot: Exploiting GitHub Copilot for a Repository Takeover
We forced GitHub to prompt-inject itself. It allowed us to control Copilot’s responses and exfiltrate Codespaces’ GITHUB_TOKEN secret. The end...
Introduction A critical vulnerability (CVE-2025-62878, CVSS 10.0) was disclosed on February 4, 2026 affecting all versions of Rancher's Local Path...
Executive Summary The Orca Research Pod has uncovered multiple attack vectors in GitHub Codespaces that allow remote code execution (RCE)...
Introduction A critical vulnerability (CVE-2026-22778, CVSS 9.8) was disclosed on February 2, 2026, affecting vLLM, a widely-deployed Python library for...
Introduction State-sponsored attackers compromised Notepad++'s hosting infrastructure from June through December 2025, hijacking the application's update mechanism to deliver malicious...
A critical vulnerability (CVE-2026-1470, CVSS 9.9) was disclosed on January 27, 2026 affecting n8n, the popular open-source workflow automation platform....
A critical vulnerability (CVE-2025-15467, CVSS 9.8) dropped on January 27, 2026. It affects OpenSSL 3.0, 3.3, 3.4, 3.5, and 3.6...
Quick Overview: CVE-ID: CVE-2026-21509; CVSS Score: 7.8 (High); Affected Products: Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, Microsoft 365...
A critical vulnerability (CVE-2026-24061, CVSS 9.8) was disclosed on January 20, 2026 affecting GNU InetUtils telnetd versions 1.9.3 through 2.7....