Blog

The Pipe That Trusted Everyone ↗OpenAI
CVE-2026-35603: One Writable Folder, Every User Compromised ↗AnthropicCursorOpenAIGoogle
When a Web Search Becomes a Backdoor: RCE in Codex CLI via Prompt Injection ↗OpenAI
When AI Tools Become the Backdoor: Zero-Click RCE via Prompt Injection ↗AmazonCursorGitHubGoogleOpenAI
CVE-2025-64669: Uncovering Local Privilege Escalation in Windows Admin Center ↗Microsoft
CVE-2026-32196: One-Click RCE via Windows Admin Center Control Flow Hijacking ↗Microsoft
The Race to Ship AI Tools Left Security Behind. Part 1: Sandbox Escape ↗AnthropicGoogleOpenAI
Uncovered: Improper Attestation Signature Validation in Windows Admin Center ↗Microsoft
InversePrompt: Turning Claude Against Itself, One Prompt at a Time ↗Anthropic
EscapeRoute: Breaking the Scope of Anthropic's Filesystem MCP Server ↗Anthropic
Path Traversal in AWS SSM Agent's Plugin ID Validation ↗Amazon
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD ↗Microsoft
How Cymulate Discovered an Abuse Risk in Google Cloud Platform ↗Google