The token that skips the login
Attack Research
2026-06-15
10 min read
The defining SaaS breach pattern of 2026 is not a cracked password and not a phish. It is a stolen third-party-integration OAuth token that skips your login, never triggers MFA, and pivots across your connected platforms. Here is how integration-token theft works, why your login alerts stay quiet, and how to audit your connected-app surface with evidence.
One DELETE to erase everyone
Attack Research
2026-06-15
12 min read
Your read endpoints are authorization-hardened. Your DELETE route is one line of code nobody tenant-scoped, and a single request erases every tenant's sources, agents, and assessments at once. Destructive operations are routinely under-gated relative to reads. Here is the decision tree from finding the destructive endpoint to platform-wide destruction, grounded in CVE-2026-53469, and the class test that covers every write and delete route.
Signature-valid is not authorized-for-t…
Attack Research
2026-06-15
12 min read
The token's signature is valid. The agent verifies it and proceeds. But it never checks that the token's source_id claim matches the resource the caller asked for, so a tenant with a perfectly valid token of its own reads and rewrites another tenant's object. Here is the JWT claim-binding decision tree, grounded in CVE-2026-53471 against the kubev2v migration-planner, and the contract that ends the class.
The auxiliary service nobody gated
Attack Research
2026-06-14
11 min read
The main application authenticates every request. A PostgreSQL helper process bundled alongside it listens on the network and authenticates nothing. Truncate the right file, a config, a license, an audit log, and a weird endpoint becomes an integrity and availability compromise. Grounded in CVE-2026-20253 (CVSS 9.8), the unauthenticated file create and truncate in Splunk's PostgreSQL sidecar. Here is the trust-boundary decision tree your front-door scanner never walks.
The lethal trifecta is an architecture…
Attack Research
2026-06-14
10 min read
OWASP's State of Agentic AI names the lethal trifecta: untrusted input, access to private data, and the ability to act or exfiltrate. When one agent holds all three, no prompt filter saves you. Here is why the fix is an architecture boundary, not a smarter guardrail, and the controls that break the chain.
The agent that disabled its own certifi…
Attack Research
2026-06-14
10 min read
A migration agent installed to manage infrastructure hardcodes an insecure TLS configuration when it connects to vCenter. An adjacent-network attacker intercepts the session and harvests vCenter admin credentials. CVE-2026-53475 (CVSS 9.3, CWE-295) is the anchor. Here is the attacker decision tree, why version scanners miss it, and the fix that ends the class.
Serverless on Kubernetes
Attack Research
2026-06-13
13 min read
A serverless platform hands tenants a builder and a router so they can ship functions without touching the cluster. The moment either is reachable without authentication, or accepts an unvalidated pod spec, the convenience becomes the breach: deploy a pod, reach the node, lift the service-account token, own the cluster. Grounded in the Fission RCE pair CVE-2026-50545 and CVE-2026-50563 (CVSS 9.9) and the unauthenticated-router invocation CVE-2026-46614.
The sandbox you trust to run untrusted…
Attack Research
2026-06-13
13 min read
You run untrusted code inside a sandbox and trust the boundary. CI jobs, AI tool-execution, multi-tenant build runners: all of it leans on the assumption that the box holds. A sandbox or micro-VM escape collapses that assumption and the host runs the attacker's code. Here is the escape decision tree, grounded in CVE-2026-46695 (Boxlite, CVSS 10.0) and the runc and cgroups escapes before it, and the defense-in-depth that ends the class.
The exposed LLM builder
Attack Research
2026-06-13
12 min read
A team stands up a low-code LLM app builder for a prototype, leaves the UI and API reachable, and forgets it. That instance holds the model-provider keys, the database credentials, and the tools the agent can call. CVE-2026-46442 (CVSS 9.9) turns Flowise into authenticated remote code execution through the custom-function node. Here is the decision tree from a discovered builder to host compromise, and the boundary that ends it.
The WordPress plugin failure class
Attack Research
2026-06-12
12 min read
A WordPress plugin ships a frontend AJAX endpoint that skips the capability check and trusts the client-supplied Content-Type. An unauthenticated visitor uploads what they want, or self-registers as an administrator. CVE-2026-9067 and CVE-2025-6254 are this week's reminders that the per-plugin CVE churn never ends, but the underlying class is one repeatable test. Here is the decision tree, and the control that closes the whole family.
Template injection
Attack Research
2026-06-12
11 min read
A framework's own templating is trusted as safe. Then attacker-influenced text reaches the template compiler and "edit your profile bio" becomes code execution on the app server. Server-side template injection recurs across every framework, from Jinja2 sandbox escapes to OGNL remote code execution to modern HEEx-style HTML templating. Here is the decision tree from a template-rendered sink to RCE, why a CVE-by-CVE scanner lags a class test, and the fix that ends the class.
The cross-tenant read your monitoring d…
Attack Research
2026-06-12
13 min read
Your ops and monitoring tooling holds every tenant's server inventory, configs, and the SSH credentials it uses to reach them. When its object-level authorization is the weakest link, a scoped guest account reads and rewrites another tenant's data with no exploit at all. Here is the cross-tenant BOLA decision tree in ops tooling, grounded in CVE-2026-45550, CVE-2026-45552, and CVE-2026-45563 against Roxy-WI, and the contract that ends the class.
The key was in the box
Attack Research
2026-06-11
10 min read
A product ships with a fixed JWT signing key baked into its source, image, or binary. Anyone who pulls the artifact mints valid tokens and walks in as anyone. CVE-2026-48031 set the secret to the literal string "random". Here is the attacker decision tree, why runtime scanners never see it, and the fix that ends the class.
The quoting helper lied
Attack Research
2026-06-11
11 min read
A developer wraps untrusted input in a quoting helper they believe neutralizes the shell, then hands the result to a command. But the helper has a bypass, or was never applied to the path that re-parses the string back into argv. The input arrives at the shell as a flag or an operator, and a trusted dependency executes attacker commands. Atril (CVE-2026-46529), Dulwich (CVE-2026-42563), and Gogs (CVE-2026-52806) all shipped this class in 2026. Here is the attacker decision tree and the dependency-aware test that finds it.
RoguePlanet
Attack Research
2026-06-10
9 min read
A time-of-check to time-of-use window in a privileged service is a quiet primitive: win the race and a low-privilege account is handed SYSTEM. CVE-2026-47281 is the clean specimen. Here is the decision tree from a local foothold to full host control, why a banner-matching scanner misses it, and the fix that closes the window.
A record Patch Tuesday and the Exchange…
Attack Research
2026-06-09
9 min read
A record-setting Patch Tuesday buried the one fix that actually mattered: an Exchange zero-day already exploited in the wild. Here is how to read a giant patch batch for the vulnerabilities that change your risk this week, the decision tree behind the Exchange flaw, and the prioritization that beats patching by CVSS alone.
The VPN session that needs no password
Attack Research
2026-06-08
10 min read
The remote-access gateway is the front door to the building, and CVE-2026-50751 lets an attacker walk through it without a password. An IKEv1 authentication bypass on a Check Point edge appliance is a pre-auth pivot into the internal network. Here is the attacker decision tree, and why a single-request probe misses it.
The fork that runs in your trusted context
Attack Research
2026-06-05
10 min read
A misused pull_request_target workflow runs a fork's untrusted code with the repository's own secrets, and that single trust mistake poisoned 172 packages (CVE-2026-45321). Here is the decision tree from an opened pull request to credential theft and supply-chain compromise, and the workflow contract that ends the class.
MCP unauthenticated tool-invocation
Attack Research
2026-06-02
13 min read
The rug-pull was the symptom. The class behind it is an MCP server that invokes tools for a caller it never authenticated. CVE-2026-33032 is one CVE old. The official SDK ships DNS-rebinding protection off by default. Here is the decision tree from an exposed MCP server to unauthenticated tool execution, and the auth boundary that ends it.
Multi-tenant isolation
Attack Research
2026-06-01
14 min read
Your IAM policy is correct. Your namespace RBAC is correct. And an attacker with a scoped foothold in one tenant still reads another tenant's data. Isolation fails at the runtime trust boundary your static cloud-posture scanner cannot see. Here is the cross-tenant read decision tree, grounded in CVE-2024-7646 and CVE-2024-9594, and the contract that ends the class.
Reading the extortion economy
Attack Research
2026-05-29
14 min read
The cyber-extortion economy runs on commodity tooling: TamperedChef's reused signing certs, ROADtools' Azure AD recon, the copy_file_range Linux LPE (CVE-2026-31431). None of it is exotic. All of it is instrumentable. Here is the detection decision tree defenders should wire up, signal by signal.
PAN-OS this quarter
Attack Research
2026-05-28
14 min read
A cluster of PAN-OS and GlobalProtect CVEs landed this quarter, CVE-2026-0227 through CVE-2026-0265, with one captive-portal zero-day (CVE-2026-0300) already exploited in the wild. The common thread is an exposed management plane. Here is the attacker decision tree from an exposed mgmt interface to config and credential access, and the re-audit that closes it.
SAML desync
Attack Research
2026-05-26
14 min read
A SAML assertion is signed XML. The signature covers a digest of the document, but which bytes are the document? When the canonicalizer and the signature verifier disagree, an attacker injects a forged assertion the verifier validates and the application trusts. CVE-2024-45409 turned ruby-saml into exactly that. Here is the attacker decision tree from an altered assertion to any authenticated session, and the assertion-binding fix.
When the IDE is the initial access
Attack Research
2026-05-22
14 min read
A developer accepts an extension auto-update. Buried in the bundle is a credential stealer that walks .npmrc, .git-credentials, the AWS profile and SSH keys, then phones home. CVE-2026-48027 turned the Nx Console extension into initial access for an entire CI estate. Here is the attacker decision tree from one malicious install to GitHub, cloud, and pipeline compromise.
NetScaler session mixup
Identity
2026-05-15
13 min read
CitrixBleed taught the world to read NetScaler memory. CVE-2026-4368 is the quieter sibling: a race-condition session mixup on the edge appliance that hands one user another user's authenticated session, and a probe that checks a banner or fires a single request misses it entirely. Here is the decision tree from an unauthenticated request to an internal pivot.
The chain nobody models
Validation
2026-05-14
14 min read
Commodity scanners stop at single-issue depth. Real operators don't. They cross a business-logic primitive into a cloud-admin primitive over five, six, seven steps. MOVEit (CVE-2023-34362) and Confluence (CVE-2023-22515) showed the world that the deep chain is the breach. Here is the attacker decision tree, and why your scanner never sees it.
Lateral movement at AI speed
Attack Research
2026-05-09
14 min read
Mandiant's M-Trends 2026 reports the median initial-access-to-handoff time has collapsed from eight hours to twenty-two seconds. The fastest observed lateral move took four minutes. If your detection pipeline runs on hourly batches, you are watching a movie of an attacker who already left.
Why JWT alg-confusion still works in 20…
Attack Research
2026-05-08
13 min read
Five new alg-confusion CVEs landed in Q1 2026 alone, rated CVSS 8.2 to 9.1, with working PoCs on day one. The pattern is fifteen years old. The libraries that ship with it are everywhere. Here is the attacker decision tree, and the one-line validation rule that ends the class.
OAuth state-parameter exploitation
Attack Research
2026-05-06
13 min read
OAuth's state parameter is the protocol's CSRF token. Most teams treat it as boilerplate, copy a sample value, and ship. Attackers know this. We walk the four-step exploit, the recent in-the-wild campaigns, and the validation contract that closes it permanently.
How attackers chain SSRF and cloud meta…
Attack Research
2026-05-05
15 min read
SSRF into the instance metadata service is the dominant 2025-2026 cloud-side initial-access pattern. We walk the attacker's decision tree from a benign-looking image upload to keys-of-the-kingdom IAM credentials, and the seven configuration changes that cut the class in one sprint.
The thirty-second exploit-and-fix cycle
Attack Research
2026-05-04
15 min read
Mandiant says mean time-to-exploit has gone negative: attackers now weaponise vulnerabilities before vendors patch. Quarterly pentests cannot keep up. Here is what a continuous, signed, replayable validation loop looks like at sixty-second cadence, and the operational changes it forces.