Blog

Insights, tutorials, and best practices for secure development

A Vendor Breach, an Education-Sector Phishing Wave, and Three Days to the Leak Deadline: The Canvas / Instructure Incident

On April 29, 2026, Instructure detected unauthorized activity in Canvas. By May 7, the same actor had defaced login pages at multiple institutions. ShinyHunters claims data on 275 million users across 8,809 institutions and has set May 12 as a leak deadline. The data scope is narrow — names, emails, student IDs, Canvas messages — and that is precisely what makes the second-order phishing wave dangerous.

May 9, 20268 min read

secretsapi-keyssecurity+3 more

Shannon Entropy Wasn't Enough: Why Betterleaks Replaces Gitleaks

Zach Rice — the creator of Gitleaks — shipped a new scanner called Betterleaks. It uses byte-pair encoding token efficiency instead of Shannon entropy and lifts recall from 70.4% to 98.6% on the CredData benchmark. Here's what that actually means.

May 2, 20268 min read

supply-chainai-securityincidents+2 more

PyTorch Lightning, Mini Shai-Hulud, and Malware That Signs Commits as Claude Code

On April 30, 2026, two malicious versions of the PyPI package lightning — 2.6.2 and 2.6.3 — were published with credential-stealing code that activates on import. The package backs PyTorch Lightning, a 31,000-star AI-training library. The detail worth stopping on: every poisoned commit the worm pushes to victim repositories is authored under a hardcoded identity designed to impersonate Anthropic's Claude Code.

May 1, 20268 min read

phishingemail-securityai-security+2 more

A Real Email From Robinhood Carrying Real Phishing — and the Inbox-Reading Agent Built to Trust It

On April 26, 2026, Robinhood's own mail infrastructure sent phishing emails to its own users. SPF, DKIM, and DMARC all passed. The malicious HTML and phishing URL were interpolated into the email body by an unsanitized device-name field during the attacker's signup flow. Humans noticed on a careful read. Inbox-reading AI agents — built to trust the signed channel and act on what's inside — won't.

Apr 29, 20269 min read

ai-securitycommand-injectiongithub+2 more

A Branch Name as RCE: OpenAI Codex, a Shell Argument, and the GitHub Token It Held

In December 2025, BeyondTrust Phantom Labs reported a textbook OS command injection in OpenAI Codex. The injection vector was a git branch name. The payoff was a GitHub User Access Token with read and write across the user's repos. The patch covered every Codex surface — ChatGPT web, CLI, SDK, and IDE Extension. CWE-78, in a chatbot wrapper.

Apr 27, 20268 min read

supply-chainthird-party-riskai-security+2 more

From a Roblox Cheat to a Vercel Breach: The Context.ai Chain

Vercel got breached in April 2026 through a compromised third-party AI tool used by one employee. The reported chain runs back through several hops to a Roblox cheat download. Here is what happened and what it means for everyone who treats vendor AI tooling as out-of-scope.

Apr 22, 20269 min read

supply-chainci-cdgithub-actions+2 more

When the Scanner Becomes the Weapon: Inside the Trivy/TeamPCP Supply Chain Compromise

On March 19, 2026, a threat actor called TeamPCP turned Trivy — the most widely deployed open-source vulnerability scanner — into a credential-theft tool running inside thousands of CI pipelines. Here is what happened and what it changes for anyone who runs scanners in CI.

Apr 21, 20267 min read

supply-chainpypiai-security+2 more

hermes-px: The PyPI Package That Shipped a Stolen Claude Code System Prompt

A malicious PyPI package marketed as a Tor-routed AI privacy proxy was exfiltrating prompts in plaintext — and shipped a 246,000-character copy of Anthropic's Claude Code system prompt, incompletely rebranded as "AXIOM-1." Here's what it tells us about supply chain trust and system prompt forensics.

Apr 17, 20266 min read

supply-chainnpmmcp+2 more

SANDWORM_MODE: The npm Worm That Turns Your AI Coding Assistant Into a Credential Thief

A self-propagating npm worm plants malicious MCP servers into Claude Code, Cursor, and Windsurf configurations — then uses prompt injection to instruct your AI assistant to collect SSH keys, cloud credentials, and API tokens. Here's how it works and what it means for agentic development security.

Apr 17, 20267 min read

supply-chainwordpressweb-security+1 more

43% of the Internet Runs WordPress. The Plugin Supply Chain Is Wide Open.

Someone bought 31 WordPress plugins on Flippa, waited eight months, then activated a blockchain-controlled backdoor. WordPress.org has no mechanism to flag ownership changes. Here's how the attack worked and why the structural vulnerability remains.

Apr 17, 20268 min read

gdprcompliancesecurity+2 more

What Are the GDPR Security Requirements Developers Need to Follow?

GDPR security requirements under Articles 25 and 32 mandate technical data protection measures. Learn what developers must implement to comply.

Apr 14, 20263 min read

complianceautomationcicd+1 more

Continuous Compliance Automation: Replace Annual Audits With Real-Time Evidence

Continuous compliance automation replaces manual audit prep with automated evidence collection, scan-to-control mapping, and real-time dashboards.

Apr 13, 20263 min read

Showing 1–12 of 191 posts