State of SDLC Security 2026: How Risk Scales in Modern Development
Insights from real-world environments into how code, developer tooling, automation, and AI are reshaping application security.
#Research
durabletask: TeamPCP's Latest PyPi Compromise
Discover the latest on malicious versions of the pypi package durabletask, matching TeamPCP tactics.
The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave
Multi-ecosystem supply chain compromise by TeamPCP targets GitHub, NPM, and VSCode to steal credentials and establish persistence.
Fragnesia: Linux Kernel Local Privilege Escalation via ESP-in-TCP
A new page-cache corruption vulnerability in the Dirty Frag family enables unprivileged local attackers to achieve root
Mini Shai-Hulud Strikes Again: TanStack + more npm Packages Compromised
Detect and mitigate malicious npm packages linked to the latest Mini Shai-Hulud supply chain campaign targeting high-value developer tooling.
Dirty Frag: Linux Kernel Local Privilege Escalation via ESP and RxRPC
Unpatched kernel flaw chain (CVE-2026-43284, CVE-2026-43500) enables root escalation on major Linux distributions.
The Jenkins Threat Landscape
What usage patterns, plugin adoption, and configuration choices reveal about the Jenkins attack surface.
Critical Buffer Overflow Vulnerability in PAN-OS Exploited in-the-Wild
Detect and mitigate CVE-2026-0300, a critical vulnerability in Palo Alto Networks PAN-OS User-ID Authentication Portal that allows unauthenticated attackers to achieve remote code execution (RCE) with root privileges.
Copy Fail: Universal Linux Local Privilege Escalation Vulnerability
Detect and mitigate Copy Fail (CVE-2026-31431), an easily exploitable vulnerability in the Linux kernel that allows escalation from an unprivileged local user account to root access.
The (In)security Landscape of AI-Powered GitHub Actions (Part 2/2)
When AI meets CI/CD: permission bypasses, prompt injection, and what to do about it.
Key Takeaways from the 2026 State of AI in the Cloud Report
How AI Adoption, Autonomy, and Attacker Innovation Are Reshaping Cloud Security
Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware
Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign - Mini Shai Hulud.