[webapps] esm-dev 136 - Path Traversal
esm-dev 136 - Path Traversal
General
20 articles
What’s Next for Enterprise Threat Intelligence in 2026
Top enterprise threat intelligence trends for 2026: AI-augmented CTI, unified platforms, workflow integration, data fusion, budgets, ROI, and maturity.
Black Hat Europe 2025: Was that device designed to be on the internet at all?
Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found
Catching malicious package releases using a transparency log
We’re getting Sigstore’s rekor-monitor ready for production use, making it easier for developers to detect tampering and unauthorized uses of their identitie...
Introducing mrva, a terminal-first approach to CodeQL multi-repo variant analysis
In 2023 GitHub introduced CodeQL multi-repository variant analysis (MRVA). This functionality lets you run queries across thousands of projects using pre-bui...
Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity
If you don’t look inside your environment, you can’t know its true state – and attackers count on that
HTTPS certificate industry phasing out less secure domain validation methods
Posted by Chrome Root Program Team Secure connections are the backbone of the modern web, but a certificate is only as trustworthy as the validation process ...
The Fragile Lock: Novel Bypasses For SAML Authentication
TLDR This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: inclu...
Implications of Russia-India-China Trilateral Cooperation
Examines Russia-India-China trilateral cooperation, U.S.
Further Hardening Android GPUs
Posted by Liz Prucka, Hamzeh Zawawy, Rishika Hooda, Android Security and Privacy Team Last year, Google's Android Red Team partnered with Arm to conduct an i...
The big catch: How whaling attacks target top executives
Is your organization’s senior leadership vulnerable to a cyber-harpooning? Learn how to keep them safe.
GrayBravo’s CastleLoader Activity Clusters Target Multiple Industries
November 2025 CVE Landscape: 10 Critical Vulnerabilities Show 69% Drop from October
November 2025 CVE landscape: 10 exploited critical vulnerabilities, a 69% drop from October, and why Fortinet and Samsung flaws need urgent patching.
Architecting Security for Agentic Capabilities in Chrome
Posted by Nathan Parker, Chrome security team Chrome has been advancing the web’s security for well over 15 years, and we’re committed to meeting new challen...
When the Digital World Turns Physical: The Expanding Role of Threat Intelligence in Executive Protection
Discover how converged threat intelligence protects executives from deepfakes, doxxing, and cyber-enabled physical threats with Recorded Future.
[webapps] Pluck 4.7.7-dev2 - PHP Code Execution
Pluck 4.7.
The Bug That Won't Die: 10 Years of the Same Mistake
Explore a decade of deserialization vulnerabilities, from Java to React/Next.js CVEs, and learn how to harden apps and stay ahead with Recorded Future.
The Hidden Cascade: Why Law Firm Breaches Destroy More than Data
Discover how law firm breaches expose decades of M&A intelligence, client data, and privileged strategy—and how to reduce cascading vendor risk before it hits.
Android expands pilot for in-call scam protection for financial apps
Posted by Aden Haussmann, Associate Product Manager and Sumeet Sharma, Play Partnerships Trust & Safety Lead Android uses the best of Google AI and our advan...
The Maturity Gap: The Next Frontier in Threat Intelligence
Learn what advanced threat intelligence maturity really means and how to close the gap between current capabilities and predictive, autonomous operations.