ShinyHunters breached Anodot and used stolen integration tokens to access dozens of Snowflake environments. No Snowflake vulnerability required. The trust architecture that connects modern SaaS stacks is fundamentally fragile.
GrafanaGhost chains three bypasses to silently exfiltrate enterprise data through Grafana's AI assistant. No credentials, no trace, no SIEM alerts. Here's why traditional tools miss it entirely.
Anthropic hard-coded a 50-subcommand analysis cap in Claude Code's security engine. Above that threshold, deny rules stop firing silently. The fix was already written and tested in their codebase. It was never shipped to customers.
Drift Protocol lost $285 million to a North Korean state group that spent six months building trust in person. Here is how the operation worked and what it means for every company that takes meetings with external partners.
Azure APIM's "disable signup" toggle is cosmetic. The API endpoint stays open. 97.9% of 25,000+ portals are still exploitable. Microsoft says it's by design.
CVE-2026-30823 shows how enterprise SSO can be bypassed by attacking the unauthenticated API endpoint that controls login configuration, not the login protocol itself.
