Security research, product updates, and supply chain threat intelligence.
Six months of patience, two developer laptops, one weaponized VS Code folder, and 31 transactions. The Drift Protocol hack is the most technically sophisticated social engineering operation ever executed against DeFi.
Read more →The full post-mortem of the Mercor breach: how a cascading supply chain attack through Trivy and LiteLLM gave Lapsus$ full VPN access to an AI hiring platform trusted by OpenAI and Anthropic.
Read more →The full post-mortem of the March 2026 TeamPCP supply chain attack on LiteLLM: how attackers weaponized a trusted vulnerability scanner to hijack 95 million monthly downloads and harvest every credential on infected machines.
Read more →The full post-mortem of the March 2026 CodeWall breach of McKinsey's Lilli: SQL injection in JSON keys, 22 naked endpoints, prompt layer compromise.
Read more →Supply chain attacks are hiding in plain sight. Here's why we built Code Corgi, and how it catches what code review misses.
Read more →Vibe-coded applications skip authentication, hardcode secrets, and ship without security headers. API Phantom is a drop-in framework that fixes all of it.
Read more →How attackers embed malicious instructions in calendar invites, emails, and documents to hijack AI assistants — and how Calendar Sentry's security patch stops it.
Read more →How a single malicious Google Calendar invite gave attackers control of Gemini's AI assistant, exfiltrated emails and location data, and opened smart home windows — without the victim clicking anything.
Read more →