Weekly AppSec Briefings
Industry research analysis, vulnerability trends, triage automation, false positives, and security automation insights from trusted industry reports.
Stay up to date on all things AppSec with a weekly email every Thursday.
Read The Latest Briefings
Claude 4.5 Executed the Equifax Breach in Hours | Jan 23-28
AI pentesting now costs $18/hour. npm says zero-days are your problem. Sonnet 4.5 can exploit breaches without customization.
This week: 12+ vulnerabilities disclosed | 8 actively exploited | 3 zero-days
January 28, 2026
AI Coding Tools Systematically Ship Security Flaws Your Scanner Won't Find | Jan 15-21
Tenzai research proves all 5 major AI coding assistants generate critical business logic flaws. Prompt injection hits Google Gemini, Microsoft Copilot, Anthropic MCP. Europe launches GCVE vulnerability database.
This week: 155+ vulnerabilities disclosed | 6 actively exploited | $111.5M in AppSec funding
January 21, 2026
2026 Predictions + Expert Roundup | Jan 9-14
What 30 security leaders learned in 2025 and what they're watching in 2026. Plus EU opens SBOM consultation (Feb 3 deadline) and ZombieAgent compromises ChatGPT via emoji smuggling.
This week: 155+ vulnerabilities disclosed | 3+ actively exploited | 3 zero-days
January 14, 2026
React2Shell Hit Botnets and supply chain vulns cost $ | Jan 1-7
RondoDox botnet weaponizes React2Shell faster than patching cycles. Trust Wallet's $8.5M theft marks first major supply chain financial attribution. Plus 10K firewalls still vulnerable to 5-year-old CVE.
This week: 79 vulnerabilities disclosed | 5 actively exploited | 3 zero-days
January 7, 2026
MongoBleed Exploited Christmas Morning, 87K Servers at Risk | Dec 25-31
MongoBleed exploited within hours of disclosure. OWASP releases first Agentic AI Top 10. Plus AI coding tools face a real-world reality check on their limitations.
This week: 79 vulnerabilities disclosed | 2 actively exploited | 1 zero-day
December 31, 2025
AI Code Ships With 2.74× More Security Flaws | Dec 19-24
CodeRabbit research: AI-generated code has 2.74× more security issues than human-written. NPM package steals WhatsApp credentials after 56K downloads. Plus $11B in security M&A.
This week: 11 vulnerabilities disclosed | 3 actively exploited | 2 zero-days
December 24, 2025
Five China-Nexus Groups Exploited React2Shell | Dec 13-17
Google documents coordinated nation-state exploitation. UK government says prompt injection can't be fully mitigated. Microsoft expands bug bounties to all third-party code.
This week: 11 disclosed | 5 actively exploited | 2 zero-days
December 17, 2025
When the Patch Causes an Outage - React2Shell Broke Cloudflare, Shopify, Zoom | Dec 6-10
React2Shell will be fixed because it has visibility, urgency, and buy-in. Your backlog of medium-severity CVEs will not.
This week: 200+ vulnerabilities disclosed | 2 actively exploited | 3 zero-days
December 10, 2025