Web Security

3 posts in this research lane.

Jun 13, 2026 10 min read

GitHub Issue to Supply Chain Compromise: How Prompt Injection Turned AI Agents into the New CI/CD Kill Chain

When a single GitHub issue can poison an AI agent, steal pipeline credentials, and publish malicious packages to production registries — all without a single binary payload.

#prompt-injection #supply-chain #ci-cd #ai-agents #github-actions #llm-security #vulnerability-research

Jun 11, 2026 5 min read

Weaponizing Secure Email Gateways: When the Sandbox Clicks for the Attacker

When the SEG's sandbox click triggers real actions, the defender becomes the attacker's proxy.

#business-logic #email-security #seg #ssrf-adjacent #authentication-bypass #owasp

Aug 4, 2025 5 min read

The Treasure of Finding Vulnerabilities: A Researcher's Guide to Secure Code Review

A risk-based methodology for finding the vulnerabilities that scanners and pentests miss.

#code-review #sast #sdlc #methodology #owasp #shift-left