CVE-2026-1847: Remote Code Execution in Popular CI/CD Platform
A critical RCE vulnerability we discovered in a widely-used CI/CD system.
Vulnerability Research
Bypassing SSRF Protections in Cloud Metadata Services
New techniques for accessing cloud instance metadata through SSRF in modern frameworks.
OAuth Token Theft Through Subdomain Takeover
Dangling DNS records enable OAuth token interception in enterprise SSO flows.
Supply Chain Attacks via Typosquatted PyPI Packages
We identified 147 malicious PyPI packages performing credential theft.
Breaking Out of AWS Lambda: Container Escape Through /proc
A novel container escape technique targeting AWS Lambda's execution environment.