Research Pod

Executive Summary A severe malware incident (no formal CVE yet, but tracked as a high‑risk supply chain compromise) was disclosed...

A supply chain compromise moved from CI pipelines into the npm ecosystem, stealing secrets, hijacking packages, and persisting on developer...

Table of contentsQuick OverviewCVSS RationaleWhat Is SGLang?Technical AnalysisRoot Cause: Python's pickle on Untrusted Network DataHow Pickle Deserialization Becomes Code ExecutionProposed...

Table of contentsKey TakeawaysIntroductionThe Industrialization of MaliceAI as the Producer, and Emerging Director, of MalwareAI-Written MalwareAI-Powered MalwareNo Matter How It’s...

Table of contentsExecutive summaryIntroductionWhy GitHub Actions Are a New Frontier for AttackersWhat Happened?What Is the Impact?How HackerBot-Claw Works (Attack Chain)Scan...

AILM (AI-Induced Lateral Movement) is a new post-exploitation attack-vector where the pivot mechanism isn’t a subnet or an identity, but...

SolarWinds has released Serv-U 15.5.4 to address four critical vulnerabilities — CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, and CVE-2025-40541 (CVSS 9.1) — that...

A high-severity vulnerability (CVE-2026-2441, CVSS pending vendor confirmation) has been disclosed in Google Chrome and the Chromium engine, allowing attackers...

Introduction A critical vulnerability (CVE-2026-1731, CVSS 9.9) was publicly disclosed on February 6, 2026 affecting BeyondTrust Remote Support (RS) and...