The Vercel Breach: On Trust, Velocity, and the Tools We Let In
A Roblox cheat download at a third-party AI company triggered a $2M ransom demand against Vercel. Here’s the full attack chain — and what it teaches us about how fast we’re granting access to AI tools.
Read more
After Glasswing: What AI-Powered Vulnerability Discovery Means for Your Infrastructure
Anthropic’s Project Glasswing deployed an AI that autonomously finds and exploits vulnerabilities at machine speed. Firefox 150 just shipped 271 fixes from it. Here’s what it means for your infrastructure, and what the hype gets wrong. Updated April 22.
Read more
The Trivy Supply Chain Attack: A Lesson in Mutable Tags
Between March 19 and 23, 2026, a threat actor known as TeamPCP compromised Aqua Security’s CI/CD pipeline. For four days, anyone who pulled a Trivy container image received malware. Here’s what happened — and what it teaches us about how we reference dependencies.
Read more