paloaltonetworks.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-02.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-06-02 | What Is LLM (Large Language Model) Security? (AI) | Guide to LLM security covering fundamental concepts, prominent risks like prompt injection and data leakage, and real-world attack examples such as Microsoft's Tay and PoisonGPT. It emphasizes that LLM security differs from traditional app security due to the probabilistic nature of models, and it details practical implementation strategies across the LLM lifecycle to mitigate vulnerabilities. |
| 2026-05-26 | Why Are Software Supply Chains Under Constant Siege? (Supply Chain) | Library for securing software supply chains, addressing risks from AI-generated code, compromised dependencies like those in npm, and manipulated CI/CD pipelines. It highlights how AI accelerates development while also enabling sophisticated, autonomous attacks, evolving vulnerability discovery and exploitation. The library targets common attack vectors including open-source vulnerabilities, malicious packages, compromised maintainers, secrets, and developer environments, recognizing trust as a primary exploitable element. |
| 2026-05-23 | How Koi Protects Against Developer Supply Chains (Supply Chain) | Library designed for Agentic Endpoint Security (AES) to protect against developer supply chain attacks. It addresses vulnerabilities exploited in the TeamPCP attack on the Nx Console VS Code extension, which leveraged trusted infrastructure abuse, invisible payloads in orphan commits, and credential harvesting. Koi provides frictionless visibility, proactive extension monitoring, and verified update rollouts to neutralize threats before they compromise sensitive data like Vault tokens, AWS metadata, and GitHub tokens, offering a modern alternative to legacy EDR solutions. |
| 2026-04-27 | Bitwarden CLI Impersonation Attack Steals Cloud Credentials and Spreads Across npm Supply Chains (Supply Chain) | Writeup of the `@bitwarden/cli` npm supply chain attack by TeamPCP, detailing its worm-like propagation across AWS, Azure, and GCP credentials by harvesting secrets from local filesystems, environment variables, and cloud secret managers. The malicious package, version 2026.4.0, impersonated the legitimate Bitwarden CLI and spread to thousands of users before detection, impacting developer workstations and CI/CD pipelines. |
| 2026-04-22 | What Is Broken Object Property Level Authorization? (API Sec) | Guide to Broken Object Property Level Authorization, ranked third on OWASP's API Security Top 10 for 2023, detailing how APIs often fail to restrict access to individual data fields within objects. It covers how this vulnerability manifests in REST and GraphQL APIs, its business impact, and methods for implementing granular property-level access controls to prevent unauthorized reading and modification of sensitive data like internal identifiers or account status. |
| 2026-04-22 | What Is Broken Object Level Authorization? (API Sec) | Reference detailing Broken Object Level Authorization (BOLA), the top API security risk according to OWASP. This vulnerability arises when APIs fail to properly validate object permissions after function-level access is granted, allowing attackers to manipulate object identifiers within requests, such as direct object references in RESTful APIs, to access unauthorized data. The resource contrasts BOLA with Broken Function Level Authorization (BFLA), emphasizing that BOLA exploits parameter manipulation within authorized endpoints, not privilege escalation. |
| 2026-04-11 | Widespread npm Supply Chain Attack: Billions at Risk (Supply Chain) | Analysis of a widespread npm supply chain attack targeting 18 popular packages, including debug, chalk, and ansi-styles, which are downloaded billions of times weekly. The attack, initiated via phishing and account compromise, injected crypto-stealing malware designed to hijack cryptocurrency transactions by imperceptibly altering destination addresses before user signing. This incident highlights the critical risks inherent in the open-source software supply chain, emphasizing the need for robust security measures to prevent malicious code propagation within development pipelines and cloud environments. |
| 2026-04-10 | What Is CSRF? - Palo Alto Networks (CSRF) | Reference defining CSRF (CWE-352), a web application attack exploiting session-based authentication to trick authenticated users into submitting unintended requests. Attackers leverage the browser's automatic inclusion of session cookies to perform unauthorized actions on behalf of the user without their knowledge or consent, such as changing settings or initiating transactions. This technique plays a supporting role in MITRE ATT&CK techniques like T1530. |
| 2026-03-01 | What Is Server Side Request Forgery? - Palo Alto Networks (SSRF) | Reference detailing Server Side Request Forgery (SSRF) or API7:2023, a vulnerability where attackers leverage an application server as a proxy to access internal resources. The content explains how SSRF attacks function, real-world exploitation techniques, business impacts, identification methods, and prevention strategies. It highlights the amplified risk in cloud-native architectures and mentions specific OWASP API Security Top 10 risks such as Broken Object Level Authorization (API1:2023), Broken Authentication (API2:2023), and Security Misconfiguration (API8:2023). |