Blog

Security insights & updates

Updates, blog posts, analysis, and technical deep-dives

Blog

Security insights & updates

Updates, blog posts, analysis, and technical deep-dives

Blog

Security insights & updates

Updates, blog posts, analysis, and technical deep-dives

Featured1

June 4, 20269 min

CVE-2026-35482: NoScope Found an RCE Hidden Inside Alf.io's Extension Sandbox

How NoScope uncovered an authenticated remote code execution flaw in Alf.io's extension system. A single exposed Java binding turned that into full remote code execution on the underlying server.

Security

June 4, 20269 min

CVE-2026-35482: NoScope Found an RCE Hidden Inside Alf.io's Extension Sandbox

How NoScope uncovered an authenticated remote code execution flaw in Alf.io's extension system. A single exposed Java binding turned that into full remote code execution on the underlying server.

Security

May 25, 20267 min

CVE-2026-27771: NoScope Discovered 30,000+ Gitea Instances Exposing Private Container Images for 4 Years

Gitea private container images were accessible to anyone on the internet, no credentials required, across healthcare, aerospace, and critical infrastructure worldwide.

Company

May 8, 202610 min

AI-Generated Code Is Creating a New Class of Vulnerabilities Nobody Is Testing For

AI tools ship faster than your security process can keep up. Here's what's falling through the cracks.