Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789)
A critical SSRF (Server-Side Request Forgery, where an attacker tricks a server into making HTTP requests on their behalf) vulnerability...
Table of contents: Overview; What Is ksmbd - and Why Does It Matter?; Understanding SMB3 Multichannel; The Vulnerability - A Missing Lock; The Broken Data...
Table of contents: Top Application Security Findings and Trends for 2026; Rapid AI Adoption: Why 43% of Organizations Have Exposed AI/ML Credentials; The...
Table of contents: Quick Overview; What is Axios?; Technical Analysis; How the account was compromised; The phantom dependency trick; Inside the dropper; Platform-specific payloads; Anti-forensic evidence destruction; Attack Flow; Affected...
Executive Summary: A severe malware incident (no formal CVE yet, but tracked as a high-risk supply chain compromise) was disclosed...
A supply chain compromise moved from CI pipelines into the npm ecosystem, stealing secrets, hijacking packages, and persisting on developer...
Table of contents: Quick Overview; CVSS Rationale; What Is SGLang?; Technical Analysis; Root Cause: Python's pickle on Untrusted Network Data; How Pickle Deserialization Becomes Code Execution; Proposed...
Table of contents: Key Takeaways; Introduction; The Industrialization of Malice; AI as the Producer, and Emerging Director, of Malware; AI-Written Malware; AI-Powered Malware; No Matter How It’s...
Table of contents: Executive summary; Introduction; Why GitHub Actions Are a New Frontier for Attackers; What Happened?; What Is the Impact?; How HackerBot-Claw Works (Attack Chain); Scan...