Weekly AppSec Briefings
Industry research analysis, vulnerability trends, triage automation, false positives, and security automation insights from trusted industry reports.
Read The Latest Briefings
2026 Predictions + Expert Roundup | Jan 9-14
What 30 security leaders learned in 2025 and what they're watching in 2026. Plus EU opens SBOM consultation (Feb 3 deadline) and ZombieAgent compromises ChatGPT via emoji smuggling.
This week: 155+ vulnerabilities disclosed | 3+ actively exploited | 3 zero-days
January 14, 2026
React2Shell Hit Botnets and supply chain vulns cost $ | Jan 1-7
RondoDox botnet weaponizes React2Shell faster than patching cycles. Trust Wallet's $8.5M theft marks first major supply chain financial attribution. Plus 10K firewalls still vulnerable to 5-year-old CVE.
This week: 79 vulnerabilities disclosed | 5 actively exploited | 3 zero-days
January 7, 2026
MongoBleed Exploited Christmas Morning, 87K Servers at Risk | Dec 25-31
MongoBleed exploited within hours of disclosure. OWASP releases first Agentic AI Top 10. Plus a reality check on the real-world limitations of AI coding tools.
This week: 79 vulnerabilities disclosed | 2 actively exploited | 1 zero-day
December 31, 2025
AI Code Ships With 2.74× More Security Flaws | Dec 19-24
CodeRabbit research: AI-generated code has 2.74× more security issues than human-written. NPM package steals WhatsApp credentials after 56K downloads. Plus $11B in security M&A.
This week: 11 vulnerabilities disclosed | 3 actively exploited | 2 zero-days
December 24, 2025
Five China-Nexus Groups Exploited React2Shell | Dec 13-17
Google documents coordinated nation-state exploitation. UK government says prompt injection can't be fully mitigated. Microsoft expands bug bounties to all third-party code.
This week: 11 disclosed | 5 actively exploited | 2 zero-days
December 17, 2025
When the Patch Causes an Outage - React2Shell Broke Cloudflare, Shopify, Zoom | Dec 6-10
React2Shell will be fixed because it has visibility, urgency, and buy-in. Your backlog of medium-severity CVEs will not.
This week: 200+ vulnerabilities disclosed | 2 actively exploited | 3 zero-days
December 10, 2025
98% of Companies Deploy AI Agents, 79% Have No Security Policy | Nov 27 - Dec 3
98% of enterprises deploy AI agents but 79% have no written security policies. Fragmented tooling creates 4-week MTTR for critical vulnerabilities. AI coding tools becoming attack surfaces. $190M+ funding validates automated remediation.
This week: 120 vulnerabilities disclosed | 3 actively exploited | 2 zero-days
December 3, 2025
npm Worm, CISA Deadlines, and the AI Productivity Question
25,000 npm packages compromised in one week. CISA's December 12 deadline for Oracle Identity Manager. DevOps analysis questions whether AI coding velocity translates to actual productivity.
This week: 6 vulnerabilities disclosed | 1 actively exploited | 2 zero-days
November 26, 2025