Research

61 pieces of security research, engineering and field notes.

OpenClaw's 470 advisories show unauthenticated RCE became a cloud AI platform pattern

OpenClaw's 470 advisories show how cloud AI platforms turn prompt handling, tool calls and host execution into an unauthenticated RCE pattern at scale.

23 June 2026

security13 min read

Authentication bypass in 2026: access validation keeps failing before critical operations

Authentication bypass keeps recurring because modern applications validate identity at convenient edges, then perform critical operations in layers that no longer know whether access was proven.

18 June 2026

security13 min read

PCPJack, polyfill CDN and Bright Data SDK show supply chain attacks moving into runtime weaponisation

Supply chain compromise is shifting from static package poisoning towards runtime weaponisation, where trusted code becomes a credential harvester, traffic broker or covert infrastructure node after deployment.

11 June 2026

security13 min read

CIFSwitch CVE-2026-46243 and PraisonAI show privilege escalation is an architectural antipattern

CIFSwitch CVE-2026-46243 and PraisonAI show why vertical movement often follows from designs that let low-trust identities shape high-trust operations.

4 June 2026

security12 min read

Gogs, PraisonAI and KnowledgeDeliver show authentication bypass is a self-hosted platform design failure

Gogs, PraisonAI and KnowledgeDeliver show why authentication bypass in self-hosted platforms is often an architectural failure, not a missing if statement.

2 June 2026

security13 min read

MCP OAuth token persistence turns AI orchestration into a supply-chain trust boundary

MCP-based AI orchestration moves OAuth tokens, access grants and memory persistence into the same execution path. Credential handling is now the weakest link in the AI supply chain.

28 May 2026

security13 min read

May 2026 developer-tooling compromises: VS Code extensions, PyPI packages and GitHub Actions turned workstations into supply-chain targets

May 2026 supply-chain compromises showed that poisoned developer tooling now targets the identity and execution layer before code reaches a repository.

26 May 2026

security11 min read

GitHub Actions OIDC and TanStack show why 2026 supply chain attacks target release authority

Supply chain compromise has shifted from stealing credentials to poisoning package ecosystems through compromised CI/CD systems, maintainer accounts and trusted execution paths.

19 May 2026

vulnerability8 min read

maboloshi/github-chinese PR #692 fixed DOM XSS in translation results

maboloshi/github-chinese inserted third-party translation API responses into GitHub pages as HTML. PR #692 changes that untrusted response handling to text nodes.

17 May 2026

vulnerability7 min read

RAGFlow PR #14803 removed a CWE-502 pickle RCE footgun from deserialize_b64

RAGFlow's deserialize_b64 helper defaulted to bare pickle.loads behind an unset safety flag. PR #14803 makes RestrictedUnpickler the only path.

15 May 2026

vulnerability9 min read

getsentry/XcodeBuildMCP PR #289 hardens shell escaping in MCP tool execution

getsentry/XcodeBuildMCP accepted MCP tool parameters that could reach /bin/sh -c through unsafe double-quote escaping. PR #289 replaces that path with POSIX single-quote escaping and adds regression coverage.

14 May 2026

android12 min read

Project Zero's Pixel 10 chain shows Android mitigations still leave a zero-click path to root

Google Project Zero's Pixel 10 zero-click chain shows how Android hardening changes exploit shape without removing reachable attack surface in media parsing and device drivers.

14 May 2026

vm212 min read

vm2, NodeVM and Ollama show why JavaScript runtime isolation keeps failing at 300,000 deployments

Recent vm2, NodeVM and Ollama flaws show a recurring failure pattern: developer-friendly JavaScript isolation is being treated as a hard security boundary when the runtime was never designed to provide one.

12 May 2026