securityboulevard.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-23.
| Date Added | Resource | Topic | Excerpt |
|---|---|---|---|
| 2026-04-23 | No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours | Supply Chain | No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours https://ift.tt/fIX26Eo |
| 2026-04-22 | Supply Chain Attacks Are Getting Worse: How to Shrink Your Exposure | Supply Chain | Supply Chain Attacks Are Getting Worse—How to Shrink Your Exposure https://ift.tt/A90d4Bp |
| 2026-04-17 | JWT Security in 2025: Critical Vulnerabilities for B2B SaaS | JWT | JWT Security in 2025: Critical Vulnerabilities for B2B SaaS |
| 2026-04-17 | CVE-2026-34197: Apache ActiveMQ Jolokia RCE Vulnerability | RCE | CVE-2026-34197: Apache ActiveMQ Jolokia RCE Vulnerability https://ift.tt/vXF1s68 |
| 2026-04-16 | DAST Tools: Complete Buyer's Guide & 10 Solutions to Know in 2026 | API Sec | DAST Tools: Complete Buyer's Guide & 10 Solutions to know in 2026 https://ift.tt/Wl9pmgG |
| 2026-04-16 | Windows IKE Service Extensions Vulnerability Enables Remote Code Execution (CVE-2026-33824) | RCE | Windows IKE Service Extensions Vulnerability Enables Remote Code Execution (CVE-2026-33824) https://ift.tt/52h4Zep |
| 2026-04-15 | News alert: GitGuardian study shows AI coding tools double leak rates as 29M credentials hit GitHub | Secrets | News alert: GitGuardian study shows AI coding tools double leak rates as 29M credentials hit GitHub https://ift.tt/9Aj75kO |
| 2026-04-15 | GitHub Actions Supply Chain Attack: Trivy Breach & Workflow | Supply Chain | GitHub Actions Supply Chain Attack: Trivy Breach & Workflow https://ift.tt/hyjDUWY |
| 2026-04-14 | Microsoft's April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201) | RCE | Microsoft's April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201) https://ift.tt/wKtj9Is |
| 2026-04-14 | Claude Mythos Changed Everything. Your APIs Are the First Target. | AI | Claude Mythos Changed Everything. Your APIs Are the First Target. https://ift.tt/6Fg8pei |
| 2026-04-11 | Exploiting API4: 8 Real-World Unrestricted Resource Consumption Attack Scenarios | API Sec | Exploiting API4: 8 Real-World Unrestricted Resource Consumption Attack Scenarios |
| 2026-04-10 | Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI | Supply Chain | Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI https://ift.tt/X80sGqC |
| 2026-04-10 | Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI | AI | Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI https://ift.tt/mYtE5MC |
| 2026-04-10 | Renovate & Dependabot: The New Malware Delivery System | Supply Chain | Renovate & Dependabot: The New Malware Delivery System https://ift.tt/6lwZ4O8 |
| 2026-04-10 | Update on React Server Components RCE (CVE-2025-55182 / CVE-2025-66478) | RCE | Update on React Server Components RCE (CVE-2025-55182 / CVE-2025-66478) |
| 2026-04-10 | CVE-2026-20963: SharePoint Deserialization RCE Analysis | Deser | CVE-2026-20963: SharePoint Deserialization RCE Analysis |
| 2026-04-09 | LangChain, Langflow, LiteLLM: When AI's Foundation Code Becomes the Attack Surface | AI | LangChain, Langflow, LiteLLM: When AI's Foundation Code Becomes the Attack Surface https://ift.tt/w8q3jNF |
| 2026-04-08 | AI Security Risks: How Enterprises Manage LLM, Shadow AI and Agentic Threats | AI | AI Security Risks: How Enterprises Manage LLM, Shadow AI and Agentic Threats https://ift.tt/aDYBNA2 |
| 2026-04-06 | 7 Identity and API Security Tools Modern SaaS Teams Should Evaluate in 2026 | API Sec | 7 Identity and API Security Tools Modern SaaS Teams Should Evaluate in 2026 |
| 2026-04-05 | Critical Remote Code Execution Vulnerability in Cisco Secure Firewall Management Center (CVE-2026-20131) | RCE | Critical Remote Code Execution Vulnerability in Cisco Secure Firewall Management Center (CVE-2026-20131) https://ift.tt/UY2FAtg |
| 2026-04-04 | Supply Chain Attacks Surge in March 2026 | Supply Chain | Supply Chain Attacks Surge in March 2026 https://ift.tt/OAW167L |
| 2026-04-04 | Supply chain attack on Axios npm package: Scope, impact, and remediations | Supply Chain | Supply chain attack on Axios npm package: Scope, impact, and remediations https://ift.tt/bV5OXBd |
| 2026-04-04 | Critical Grafana Vulnerabilities Enable Remote Code Execution and DoS Attacks | RCE | Critical Grafana Vulnerabilities Enable Remote Code Execution and DoS Attacks https://ift.tt/2jJWQP1 |
| 2026-04-04 | AutoSecT Mobile: Automating Android and iOS Security Testing | Mobile | AutoSecT Mobile: Automating Android and iOS Security Testing https://ift.tt/MdOCWTY |
| 2026-04-03 | The developer credential economy: Why exposure data is the new front line in the supply chain war | Supply Chain | The developer credential economy: Why exposure data is the new front line in the supply chain war https://ift.tt/XTeOKNk |
| 2026-04-03 | API Attack Awareness: BOLA - Why It Tops the OWASP API Top 10 | API Sec | API Attack Awareness: BOLA - Why It Tops the OWASP API Top 10 |
| 2026-04-03 | CyCognito Details Axios Supply Chain Attack After Malicious npm Releases Deliver Remote Access Trojan | Supply Chain | CyCognito Details Axios Supply Chain Attack After Malicious npm Releases Deliver Remote Access Trojan https://ift.tt/kOZnfPY |
| 2026-04-02 | Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069 | Supply Chain | Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069 https://ift.tt/61VrJsp |
| 2026-03-18 | When HttpOnly Isn't Enough: Chaining XSS and GhostScript for Full RCE Compromise | XSS | When HttpOnly Isn't Enough: Chaining XSS and GhostScript for Full RCE Compromise https://ift.tt/aCJHUB2 |
| 2026-03-09 | CVE-2026-27739: Angular SSR Request Vulnerability Enabling Server-Side Request Forgery | SSRF | CVE-2026-27739: Angular SSR Request Vulnerability Enabling Server-Side Request Forgery https://ift.tt/Vm4A7Gl |
| 2026-01-21 | Tenable Discovers SSRF Vulnerability in Java TLS Handshakes That Creates DoS Risk | SSRF | Tenable has identified a Server-Side Request Forgery (SSRF) vulnerability in Java TLS handshakes, posing a risk of Denial of Service (DoS) attacks. This vulnerability could potentially allow attackers to manipulate TLS handshakes, leading to service disruptions. It emphasizes the importance of addressing security flaws in Java implementations to prevent exploitation and maintain system integrity. |
| 2026-01-13 | Lack of isolation in agentic browsers resurfaces old vulnerabilities | XSS | The content discusses how the lack of isolation in agentic browsers has led to the resurgence of old vulnerabilities. This issue highlights the importance of maintaining strong isolation measures within browsers to prevent security breaches and protect user data. By addressing these vulnerabilities and implementing proper isolation techniques, browser developers can enhance security and safeguard against potential threats. |
| 2025-12-18 | DeepChat AI agent XSS-to-RCE via Mermaid and Electron IPC | XSS | The content discusses a security vulnerability in the DeepChat AI agent that allows attackers to exploit cross-site scripting (XSS) to achieve remote code execution (RCE) through the Mermaid and Electron IPC components. This vulnerability poses a significant risk to the security of the AI agent and could potentially be exploited by malicious actors to gain unauthorized access and control over the system. It highlights the importance of addressing and patching such vulnerabilities promptly to prevent potential security breaches. |
| 2025-11-26 | Paris, The Thinker and why your WAF should block XSS by default | XSS | The content discusses the importance of implementing default XSS (Cross-Site Scripting) protection in Web Application Firewalls (WAFs). It draws a comparison to Paris, The Thinker, emphasizing the need for proactive security measures. By blocking XSS attacks by default, WAFs can enhance website security and prevent malicious scripts from being injected into web pages. The article likely delves into the significance of safeguarding against XSS vulnerabilities to protect sensitive data and maintain the integrity of online platforms. |
| 2025-11-18 | NDSS 2025 - EvoCrawl: Exploring Web Application Code And State Using Evolutionary Search | XSS | The content discusses NDSS 2025 and introduces EvoCrawl, a method for exploring web application code and state through evolutionary search. This approach aims to enhance the understanding of web applications by systematically analyzing their code and state. EvoCrawl utilizes evolutionary search techniques to navigate through web application components efficiently. The focus is on improving the exploration and comprehension of complex web applications for security and development purposes. |
| 2025-11-07 | NDSS 2025 - YuraScanner: Leveraging LLMs For Task-driven Web App Scanning | XSS | The content discusses YuraScanner, a tool presented at NDSS 2025, that utilizes Large Language Models (LLMs) for task-driven web application scanning. YuraScanner aims to enhance the efficiency and effectiveness of web app security testing by leveraging LLMs to automate scanning processes. This approach can potentially improve the accuracy and coverage of security assessments while reducing manual effort. The tool focuses on task-driven scanning, emphasizing specific security testing objectives. By incorporating LLM technology, YuraScanner demonstrates a novel approach to web app security testing that may offer benefits in terms of automation and precision. |
| 2025-09-20 | How Tenable Found a Way To Bypass a Patch for BentoML's Server-Side Request Forgery Vulnerability CVE-2025-54381 | SSRF | Tenable discovered a method to bypass a patch for BentoML's Server-Side Request Forgery Vulnerability CVE-2025-54381. The content discusses this vulnerability and the workaround found by Tenable. |
| 2025-08-14 | 7 Essential Burp Extensions for Hacking APIs | Burp | The content discusses seven essential Burp extensions for hacking APIs, focusing on enhancing security measures. These extensions are crucial tools for identifying vulnerabilities and ensuring the safety of APIs. By utilizing these extensions, security professionals can effectively test and secure APIs against potential threats and attacks. The article emphasizes the importance of using these tools to enhance the security posture of API implementations. |
| 2025-08-14 | Penetration Testing for Server-Side Request Forgery (SSRF) in E-commerce Pl | SSRF | The content discusses the importance of conducting penetration testing to identify and address Server-Side Request Forgery (SSRF) vulnerabilities in E-commerce platforms. SSRF can be exploited by attackers to manipulate a server into making unauthorized requests, potentially leading to data breaches or server compromise. Penetration testing helps to proactively detect and mitigate SSRF risks, ensuring the security of E-commerce platforms. |
| 2025-06-11 | Apache Kafka Arbitrary File Read and SSRF Vulnerability (CVE-2025-27817) | SSRF | The content discusses a security vulnerability in Apache Kafka, identified as CVE-2025-27817, which allows attackers to perform arbitrary file reads and Server-Side Request Forgery (SSRF) attacks. This vulnerability could potentially lead to unauthorized access to sensitive information or resources. It is crucial for users of Apache Kafka to be aware of this issue and take necessary precautions to mitigate the risk of exploitation. |
| 2025-03-13 | OpenAI Under Attack: CVE-2024-27564 Actively Exploited in the Wild | SSRF | OpenAI is facing an active cyber attack through CVE-2024-27564, which is being exploited in the wild. The vulnerability poses a significant threat to OpenAI's systems and data security. It is crucial for OpenAI to address this issue promptly to prevent further exploitation and potential damage. Vigilance and immediate action are necessary to mitigate the risks associated with this ongoing attack. |