Critical Unauthenticated MongoDB Heap Memory Leak Vulnerability Leaks Sensitive Data
A high severity vulnerability (CVE-2025-14847, CVSS 7.5/8.7) was disclosed affecting MongoDB Server across a wide range of versions, allowing attackers...
A critical vulnerability (CVE-2025-68613, CVSS 9.9/10.0) was disclosed affecting the n8n workflow automation platform, allowing attackers to execute arbitrary code...
Following the previously disclosed React2Shell remote code execution vulnerabilities (React: CVE-2025-55182, Next.js: CVE-2025-66478, CVSS 10.0), additional security issues were identified...
The Orca Research Pod has spent all year investigating cloud security. Billions of cloud assets scanned. Hundreds of thousands of...
A critical vulnerability was announced today affecting React Server Components (RSC), which affects React (CVE-2025-55182) and all frameworks using RSC,...
TL;DR This is the second time a malicious campaign - codenamed Shai‑Hulud - has been detected targeting the npm ecosystem....
The OWASP Top 10 2025 release candidate is here, marking an important milestone in the evolution of application security best...
In Part 1 of this blog series, we learned about GitHub Actions and their risks—now comes the fun part. It’s...
Why do attackers love GitHub Actions, and why should you care? The answer lies in a dangerous combination of widespread...