🚨 #Windows users of NPM systeminformation be aware of #CVE-2025-68154. The fsSize function is vulnerable to OS Command #Injection. The drive parameter is added to a PowerShell command without sanitization, allowing arbitrary command execution when user input reaches the

The very safeguards that your AI agents put in place to make sure you know what they're executing on your machine can be turned into weapons that put your data at risk. Checkmarx Zero already showed you how #LiesInTheLoop (LITL) can compromise the utility of the Human-in-the-Loop

A pentesting AI agent that can be shelled with an HTML comment on a target server? That's actually kind of funny on the one hand, but deeply concerning on the other. Especially if your security team is using that AI agent to accelerate their own testing. Details and mitigation

‼️ Users of Elysia.js should be aware of a critical #vulnerability that can allow attackers to execute arbitrary code on servers: CVE-2025-66456 (See https://t.co/R70REFx31h ) This is a prototype pollution flaw at its core, but can be leveraged to gain #RCE against this

🏰 Zitadel identity manager has 3 serious vulns to patch that could leave organizations at serious risk. 👓 CVE-2025-67494 is a full-read SSRF, allowing adversaries to read sensitive data from internal resources that share a network with the Zitadel deployment. See

Checkmarx Zero researcher Bruno Dias takes a deep dive inside Shai-Hulud's maw to examine how the world's first worm wreaked havoc on the NPM ecosystem — twice. Read "Inside Shai-Hulud's Maw": https://t.co/Hr5RI8bJtY From payload construction to clever tactics for data

🚨 CVE-2025-65959 | Open WebUI | Stored XSS via Notes PDF Download (High) Malicious SVG/HTML in Markdown notes can execute JavaScript when downloaded as PDF, enabling session token theft. All users are at risk. Affects versions < 0.6.37. https://t.co/T18MnkmZGQ

🚨 CVE-2025-65958 | Open WebUI | Authenticated SSRF (High) Authenticated users can force the server to send HTTP requests to arbitrary URLs, enabling internal network scanning and access to internal services. Affects versions < 0.6.37. Patch: Upgrade to v0.6.37

📣 As expected, within hours of disclosure, threat actors began probing and exploiting #React2Shell (CVE-2025-55182), and the #CVE has now been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. If you run React Server Components, Next.js, or dependent frameworks,

The related campaign:

We're very proud that we have excellent detection capabilities for malicious extensions, and our commitment to "no #AIslop reports" (human researchers and analysts verify everything and make the reports, to ensure they're useful and accurate). This really helps make sure that the

We took down 6 more malicious #VSCode packages that seem to be an evolved brandjacking attack similar the attack on Prettier we previously took down. The adversary seems to have leveled up a bit, artificially inflating install counts (thousands of installs with only a few

#React2Shell is not to be underestimated: this RCE vulnerability in React also impacts Next.js, and can result in attackers executing arbitrary commands on your servers. It can be hard to be sure that you're not using the affected components, so upgrade as soon as you possibly

#LastWeekInAppSec was a busy one! Not only did we have #ShaiHulud rear its head again: ☕️ The node-forge toolkit for #JavaScript, which has been widely adopted as a provider for various encryption and digital signature purposes, has a vulnerability in versions through 1.3.1 that

🚨 #CVE-2025-41115 - critical vulnerability in #Grafana user identity handling. Update your platform to v12.0.7, v12.1.4, v12.2.2, or v12.3.0, depending on the branch you're using. #Vulnerable versions where #SCIM provisioning is enabled and configured allow a malicious or

🚨 CVE-2025-62155 | New API — SSRF Redirect Bypass (High) A new SSRF vulnerability has been identified in New API. A previous SSRF fix can be bypassed using HTTP 302 redirects, allowing malicious requests to slip past the initial validation. Because the fix only validated the

AI Agent adoption isn't slowing down: but do you understand the risks of the #MCP (Model Context Protocol) that underlies most of them?Two of our #LLM experts, Tal Folkman and Ricardo Goncalves, walk you through 11 risks we have observed or anticipate with MCP-based agentic AI.

The #ShaiHulud #SecondComing is here; we’ve been all-in responding to this #malware since the attack began this morning. Propagation is faster and harder to automatically detect compared to the last infection; restricting public #NPM usage is wise until infection is controlled.