vulnerability
Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.
Welcome back to another watchTowr Labs blog. Brace yourselves, this is one of our most astounding discoveries.
Summary
What started out as a bit of fun between colleagues while avoiding the Vegas heat and $20 bottles of water in our Black Hat hotel rooms - has now seemingly become a
Spotify recently introduced its security vulnerability management platform, Kitsune. Right from vulnerability detection to providing insights based on metrics, Kitsune manages the overall security vul
Skills for threat modeling, scanning, triage, patching, plus an autonomous scanning harness you can customize - anthropics/defending-code-reference-harness
Contribute to V4bel/dirtyfrag development by creating an account on GitHub.
In this post, I’ll show you how to build a continuous integration and continuous delivery (CI/CD) pipeline using AWS Developer Tools, as well as Aqua Security‘s open source container vulnerability scanner, Trivy. You’ll build two Docker images, one with vulnerabilities and one without, to learn the capabilities of Trivy and how to send all vulnerability […]
On 2026-05-11, an attacker chained a pull_request_target Pwn Request, GitHub Actions cache poisoning across the fork↔base trust boundary, and OIDC token extraction from runner memory to publish 84 malicious versions across 42 @tanstack/* packages on npm. Full postmortem.
Google’s Project Zero hackers and DeepMind boffins have collaborated to uncover a zero-day security vulnerability in real-world code for the first time using AI.
That NPM attack could have been so much worse.
Imagine this: an OpenSSH backdoor is discovered, maintainers rush to push out a fixed release package, security researchers trade technical details on mailing lists to analyze the backdoor code. Speculation abounds on the attribution and motives of the attacker, and the tech media pounces on the story. A near miss
Introduction Hello, I’m RyotaK (@ryotkak), a security engineer at Flatt Security Inc. A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt on my router. After accessing the LuCI, which is the web interface of OpenWrt, I noticed that there is a section called Attended Sysupgrade, so I tried to upgrade the firmware using it. After reading the description, I found that it states it builds new firmware using an online service.
A new command injection vulnerability in OpenSSH, tracked as CVE-2025-61984, has been disclosed, which could allow an attacker to achieve remote code execution on a victim's machine.
The Apache Software Foundation has released a critical security update for Apache HTTP Server, patching five vulnerabilities, including a dangerous double-free flaw capable of enabling Remote Code Execution (RCE) in version 2.4.67, released on May 4, 2026.
Just a day after Arch Linux developers believed they had their AUR malware incident under control, with 1,500+ packages affected by malware, another round of AUR malware is now being discovered
CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program.
After DHS did not renew its funding contract for reasons unspecified, MITRE’s 25-year-old Common Vulnerabilities and Exposures (CVE) program was slated for an abrupt shutdown on April 16, which would have left security flaw tracking in limbo. CISA stepped in to provide a bridge.
OXO is a vulnerability scanning orchestrator that automatically binds tools together allowing for rapid scale.