web security
(9 articles)May 19, 2026
OAuth Consent Attacks: Bypassing MFA with Phishing
OAuth consent phishing lets attackers bypass MFA entirely by hijacking app permissions. Learn how the attack works and how to defend your users now.
May 14, 2026
PAN-OS RCE, cURL Bug, AI Tokenizer Attacks: News
PAN-OS RCE, a Mythos cURL bug, and AI tokenizer attacks headline this week's threat bulletin. Here's what developers need to know now.
May 12, 2026
Agentic AI: Security's Next Major Blind Spot
Agentic AI systems are outpacing security teams. Learn why autonomous AI agents create new attack surfaces and what developers must do to stay ahead.
May 11, 2026
Weekly Recap: Linux Rootkit, macOS Crypto Stealer & More
This week's threat roundup covers a Linux rootkit, macOS crypto stealer, and WebSocket skimmers. Here's what developers need to know right now.
April 22, 2026
ASP.NET Core CVE-2026-40372 Privilege Escalation Patched
Microsoft patches CVE-2026-40372, a critical privilege escalation flaw in ASP.NET Core. Learn how it works and how to protect your apps now.
April 15, 2026
Nginx UI Auth Bypass CVE-2026-33032 Exploited
CVE-2026-33032 lets attackers take over Nginx servers without credentials. Over 2,600 instances exposed. Here's what you need to patch now.
April 15, 2026
CVE-2026-33032: nginx-ui Flaw Enables Server Takeover
CVE-2026-33032 in nginx-ui is actively exploited, letting attackers take full control of Nginx servers. Learn what's at risk and how to protect your stack.
April 10, 2026
Marimo RCE CVE-2026-39987 Exploited in 10 Hours
The Marimo RCE flaw CVE-2026-39987 was exploited within 10 hours of disclosure. Learn how it works, what's at risk, and how to protect your stack now.
April 2, 2026
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
Attackers exploited CVE-2025-55182 to compromise 766 Next.js hosts and harvest credentials. Here's what happened and how to protect your app.