Blog

SANDWORM_MODE: Dissecting a Multi-Stage npm Supply Chain Attack

Critical vulnerability in fast-xml-parser allows injection attacks

How Endor Labs' AI SAST engine identified a path traversal vulnerability in OpenClaw's apply_patch tool tracked as (GHSA-r5fq-947m-xm57)

A compromised release of the popular Cline CLI npm package silently installs OpenClaw globally on any machine.

We discovered six vulnerabilities in OpenClaw using Endor Labs’ AI SAST data flow analysis and validated working exploits.

As CVEs surge and AI speeds delivery, container OS reachability is key to reducing noise and real AppSec risk.

Cut container vulnerability noise by up to 90% with full-stack reachability analysis spanning application and container image OS layers.

How Endor Labs AI SAST identified 7 exploitable vulnerabilities in OpenClaw through accurate data flow analysis and systematic exploit validation.

AI coding assistants are introducing systemic architectural weaknesses that have major consequences for application security.

AI is reshaping software development. Learn how security can become invisible guardrails inside the AI SDLC, so teams move faster without compromising safety.

Use a “test-first” prompting pattern to improve AI-generated code security through test-driven development (TDD).

CVE in n8n allows unauthenticated users to achieve remote code execution (RCE) via sandbox escape.

AI coding assistants are reducing simple security flaws, but SAST tools need better context and agent integration to catch what remains.

Evaluate Snyk alternatives that solve alert fatigue and false positives while driving remediation. Compare developer-friendly AppSec platforms, open source tools, and runtime solutions.

Learn why this malware attack vector is a big risk for open source software consumers.

MCP servers inherit classical vulnerabilities like command injection, path traversal, and SSRF. Here's why LLMs and MCP deserve the same security practices as traditional applications.

101 packages disguised as font files distributed 34 TiB of data via npm's infrastructure—with a total of 4.3 PiB transferred via downloads.

Most breaches aren’t CVEs. Learn how subtle code and config changes caused real incidents, and why AI-aware code review is now critical.

Multiple Vulnerabilities Fixed in the Node.js Runtime

Attackers weaponized n8n's community nodes to steal credentials

Critical Host Header Validation Bypass in the Undertow

Critical vulnerability requires upgrade to jsPDF 4.0.0

Endor Labs integrates with Cursor hooks to detect malicious packages before AI agents install dependencies, preventing supply chain attacks at the moment of risk.

CVE-2025-13780 is a critical vulnerability in pgAdmin 4 where whitespace characters bypass regex filters, a common failure mode in input validation.