TanStack's CI Published the Malware Itself. SLSA Said the Build Was Fine.
84 malicious @tanstack/* versions, 169+ packages including @mistralai/mistralai, all signed with valid SLSA provenance. The architectural failure that made it possible, and what to change in your CI/CD.
Enclave Team, May 12, 2026

CVE-2026-41940: One Missed Function Call: Inside the 64-Day cPanel Zero-Day
A two-hour patch was preceded by 64 days of silent root access on 1.5 million servers. The sanitizer existed. It just wasn't called from one path.
Enclave Team, May 4, 2026

AI Code Review for AppSec Teams: Triage, Not Robot Approval
AI code review works best when it narrows AppSec attention: which pull requests deserve human judgment, why they matter, and what evidence to review next.
Enclave Team, May 3, 2026

Secure Code Review Checklist for AI-Generated Pull Requests
A practical secure code review checklist for AI-generated pull requests: what to inspect, what evidence to require, and when to stop the merge.
Enclave Team, May 3, 2026

Application Security Automation: Fix the Handoff, Not the Alert Count
Application security automation fails when it produces more alerts than action. The real work is moving risk to the right owner with the right context.
Enclave Team, May 3, 2026

AI Code Security: The Real Risk of AI-Generated Code Is Plausibility
AI code security is hard because generated code can look polished while missing product context, security conventions, and the tests that prove it is safe.
Enclave Team, May 3, 2026

Vibe Coding Security Risks: The Blast Radius Still Has an Owner
Vibe coding can accelerate prototyping, but AppSec leaders still need ownership, review gates, data rules, and production guardrails.
Enclave Team, May 3, 2026

Your Data Warehouse Is Only as Secure as the Analytics Tool Connected to It
ShinyHunters breached Anodot and used stolen integration tokens to access dozens of Snowflake environments. No Snowflake vulnerability required. The trust architecture that connects modern SaaS stacks is fundamentally fragile.
Enclave Team, April 13, 2026

Your Observability Stack Just Became an Attack Surface
GrafanaGhost chains three bypasses to silently exfiltrate enterprise data through Grafana's AI assistant. No credentials, no trace, no SIEM alerts. Here's why traditional tools miss it entirely.
Enclave Team, April 8, 2026

Claude Code's Deny Rules Stop Working After 50 Commands. The Fix Was Already Written.
Anthropic hard-coded a 50-subcommand analysis cap in Claude Code's security engine. Above that threshold, deny rules stop firing silently. The fix was already written and tested in their codebase. It was never shipped to customers.
Enclave Team, April 7, 2026

North Korea Stole $285M From a DeFi Protocol. The Attack Started With a Handshake.
Drift Protocol lost $285 million to a North Korean state group that spent six months building trust in person. Here is how the operation worked and what it means for every company that takes meetings with external partners.
Enclave Team, April 6, 2026

Microsoft Says It's "By Design." 25,000 Azure API Portals Say It's a Problem.
Azure APIM's "disable signup" toggle is cosmetic. The API endpoint stays open. 97.9% of 25,000+ portals are still exploitable. Microsoft says it's by design.
Enclave Team, April 6, 2026

Your SSO Is Only as Secure as the Endpoint That Configures It
CVE-2026-30823 shows how enterprise SSO can be bypassed by attacking the unauthenticated API endpoint that controls login configuration, not the login protocol itself.
Enclave Team, April 6, 2026