Threat Intelligence & Research
In-depth technical analysis of emerging threats, industry vulnerabilities, and security trends from our research team.
Anthropic refused to release Claude Mythos for security reasons. Breach windows fell to 22 seconds. Regex WAFs are bypassed by AI at 89-97 percent. How 2026 forced enterprise security from detect-and-respond to contain-by-default.
LLM-driven browser agents fall for 24 percent of indirect prompt-injection attacks. Analysis of the active vector classes, real incidents (including Microsoft's March 2026 malicious-extension disclosure), why traditional XSS defenses don't apply, and what enterprise security should change.
Anthropic disclosed that a state-sponsored group used Claude Code to infiltrate roughly 30 organizations across tech, finance, and government. The new attack pattern — AI coding assistant as the development-workflow vector — and why classic Software Composition Analysis does not catch it.
The year-end retrospective: 6.29 billion web attacks (up 56% from 2024), AI-driven incidents up 89%, the year's critical CVEs (React2Shell, NetScaler, SharePoint, Apache Tika), and the architectural shifts that began in 2025 and accelerated into 2026.
Maximum-severity unauthenticated remote code execution in React 19 and Next.js React Server Components. Why a frontend framework vulnerability puts your backend on the line — and what enterprise defenders should do in priority order.
Technical breakdown of the OWASP Top 10:2025 update, including two new categories: Software Supply Chain Failures and Mishandling of Exceptional Conditions. Impact analysis and defensive recommendations.