Research, News, and Perspectives

Sztuczna inteligencja (AI)

The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables

An OAuth supply chain compromise at Vercel exposed how trusted third party apps and platform environment variables can bypass traditional defenses and amplify blast radius. This article examines the attack chain, underlying design tradeoffs, and what it reveals about modern PaaS and software supply chain risk.

Research Apr 20, 2026

Save to Folio

Research Apr 20, 2026

Save to Folio

Sztuczna inteligencja (AI)

Identity Protection in the AI Era

Enterprises aiming to predict and mitigate human, machine, and AI‑agent risks at scale demand AI‑powered identity‑first security without compromise.

Latest News Apr 13, 2026

Save to Folio

Latest News Apr 13, 2026

Save to Folio

APT i ataki ukierunkowane

U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026

The first quarter of 2026 has reinforced a hard truth: U.S. government agencies and educational institutions are operating in the most hostile cyber threat environment ever recorded.

Expert Perspective Apr 09, 2026

Save to Folio

Expert Perspective Apr 09, 2026

Save to Folio

Sztuczna inteligencja (AI)

Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do

Threat actors leveraged Anthropic’s Claude Code npm release packaging error to distribute Vidar, GhostSocks, and PureLog Stealer. This blog details immediate steps organizations can take and best practices to prevent further risk.

Research Apr 07, 2026

Save to Folio

Research Apr 07, 2026

Save to Folio

Sztuczna inteligencja (AI)

Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads

A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks.

Research Apr 03, 2026

Save to Folio

Research Apr 03, 2026

Save to Folio

Prywatność i ryzyko

TrendAI Insight: New U.S. National Cyber Strategy

TrendAI reviews the White House National Cyber Strategy, outlining six pillars to strengthen U.S. cybersecurity—from deterrence and regulation to federal modernization, critical infrastructure protection, AI leadership, and workforce development.

Latest News Apr 01, 2026

Save to Folio

Latest News Apr 01, 2026

Save to Folio

Sztuczna inteligencja (AI)

The Real Risk of Vibecoding

This blog looks at how AI‑driven vibecoding speeds up software development while increasing security risk by outpacing traditional review and ownership. It explains why security needs to move earlier and be built into modern development workflows.

Expert Perspective Mar 31, 2026

Save to Folio

Expert Perspective Mar 31, 2026

Save to Folio

Cyberzagrożenia

Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads

A supply chain attack hit Axios when attackers used stolen npm credentials to publish malicious versions containing a phantom dependency. This triggered a cross-platform RAT during installation and replaced its files with clean decoys, making detection challenging.

Latest News Mar 31, 2026

Save to Folio

Latest News Mar 31, 2026

Save to Folio

Sztuczna inteligencja (AI)

TrendAI™ Research at RSAC 2026: Advancing Defense Across AI‑Driven and Cyber‑Physical Threats

TrendAI™ Research explored agentic AI cybercrime and EV infrastructure security through two research sessions at RSAC 2026.

Latest News Mar 31, 2026

Save to Folio

Latest News Mar 31, 2026

Save to Folio

Złośliwe oprogramowanie

TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM

Moving beyond their LiteLLM campaign, TeamPCP weaponizes the Telnyx Python SDK with stealthy WAV‑based payloads to steal credentials across Linux, macOS, and Windows.

Research Mar 30, 2026

Save to Folio

Research Mar 30, 2026

Save to Folio