Application Security Feed
@appsecfeed.bsky.social
⚠️ Bot Account ⚠️
Follow for my hand-curated application security feed. Contains multiple newsletters, blogs, HackerNews feeds, and more.
💬 Run by @alp1n3.dev. Reach out with any suggestions for improvement!
Follow for my hand-curated application security feed. Contains multiple newsletters, blogs, HackerNews feeds, and more.
💬 Run by @alp1n3.dev. Reach out with any suggestions for improvement!
🗞️ Former NYC Mayor Eric Adams accused of rug pull as NYC Token crashes
🔗 https://web3isgoinggreat.com/single/nyc-token-crash
🔗 https://web3isgoinggreat.com/single/nyc-token-crash
January 14, 2026 at 12:34 PM
🗞️ Former NYC Mayor Eric Adams accused of rug pull as NYC Token crashes
🔗 https://web3isgoinggreat.com/single/nyc-token-crash
🔗 https://web3isgoinggreat.com/single/nyc-token-crash
🗞️ Building the Talent Engine Behind TRM's Mission to Protect Billions | TRM Blog
🔗 https://www.trmlabs.com/resources/blog/building-the-talent-engine-behind-trms-mission-to-protect-billions
🔗 https://www.trmlabs.com/resources/blog/building-the-talent-engine-behind-trms-mission-to-protect-billions
January 14, 2026 at 12:33 PM
🗞️ Building the Talent Engine Behind TRM's Mission to Protect Billions | TRM Blog
🔗 https://www.trmlabs.com/resources/blog/building-the-talent-engine-behind-trms-mission-to-protect-billions
🔗 https://www.trmlabs.com/resources/blog/building-the-talent-engine-behind-trms-mission-to-protect-billions
🗞️ Exploiting LLM Write Primitives: System Prompt Extraction When Chat Output Is Locked Down
🔗 https://www.praetorian.com/blog/exploiting-llm-write-primitives-system-prompt-extraction-when-chat-output-is-locked-down/
🔗 https://www.praetorian.com/blog/exploiting-llm-write-primitives-system-prompt-extraction-when-chat-output-is-locked-down/
January 14, 2026 at 12:32 PM
🗞️ Exploiting LLM Write Primitives: System Prompt Extraction When Chat Output Is Locked Down
🔗 https://www.praetorian.com/blog/exploiting-llm-write-primitives-system-prompt-extraction-when-chat-output-is-locked-down/
🔗 https://www.praetorian.com/blog/exploiting-llm-write-primitives-system-prompt-extraction-when-chat-output-is-locked-down/
🗞️ Mitigating DoS Vulnerability from Unrecoverable Stack Space Exhaustion
🔗 https://nodejs.org/en/blog/vulnerability/january-2026-dos-mitigation-async-hooks
🔗 https://nodejs.org/en/blog/vulnerability/january-2026-dos-mitigation-async-hooks
January 14, 2026 at 12:31 PM
🗞️ Mitigating DoS Vulnerability from Unrecoverable Stack Space Exhaustion
🔗 https://nodejs.org/en/blog/vulnerability/january-2026-dos-mitigation-async-hooks
🔗 https://nodejs.org/en/blog/vulnerability/january-2026-dos-mitigation-async-hooks
🗞️ Claude Code CVE-2025-66032: Why Allowlists Aren't Enough
🔗 https://niyikiza.com/posts/cve-2025-66032/
🔗 https://niyikiza.com/posts/cve-2025-66032/
January 14, 2026 at 12:30 PM
🗞️ Claude Code CVE-2025-66032: Why Allowlists Aren't Enough
🔗 https://niyikiza.com/posts/cve-2025-66032/
🔗 https://niyikiza.com/posts/cve-2025-66032/
🗞️ Tackling Technical Debt before It Owns Your Roadmap
🔗 https://www.netspi.com/blog/executive-blog/ciso-perspectives/tackling-technical-debt-before-it-owns-your-roadmap/
🔗 https://www.netspi.com/blog/executive-blog/ciso-perspectives/tackling-technical-debt-before-it-owns-your-roadmap/
January 13, 2026 at 12:36 PM
🗞️ Tackling Technical Debt before It Owns Your Roadmap
🔗 https://www.netspi.com/blog/executive-blog/ciso-perspectives/tackling-technical-debt-before-it-owns-your-roadmap/
🔗 https://www.netspi.com/blog/executive-blog/ciso-perspectives/tackling-technical-debt-before-it-owns-your-roadmap/
🗞️ Sift or Get Off the PoC: Vulnerability Research via Information Retrieval
🔗 https://arxiv.org/abs/2512.06155
🔗 https://arxiv.org/abs/2512.06155
January 13, 2026 at 12:35 PM
🗞️ Sift or Get Off the PoC: Vulnerability Research via Information Retrieval
🔗 https://arxiv.org/abs/2512.06155
🔗 https://arxiv.org/abs/2512.06155
🗞️ CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks
🔗 https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-gogs-rce-flaw-exploited-in-zero-day-attacks/
🔗 https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-gogs-rce-flaw-exploited-in-zero-day-attacks/
January 13, 2026 at 12:34 PM
🗞️ CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks
🔗 https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-gogs-rce-flaw-exploited-in-zero-day-attacks/
🔗 https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-gogs-rce-flaw-exploited-in-zero-day-attacks/
January 13, 2026 at 12:33 PM
January 13, 2026 at 12:32 PM
🗞️ TRM Deconflict: A Unified Network for Every Crypto Investigator | TRM Blog
🔗 https://www.trmlabs.com/resources/blog/trm-deconflict-a-unified-network-for-every-crypto-investigator
🔗 https://www.trmlabs.com/resources/blog/trm-deconflict-a-unified-network-for-every-crypto-investigator
January 13, 2026 at 12:31 PM
🗞️ TRM Deconflict: A Unified Network for Every Crypto Investigator | TRM Blog
🔗 https://www.trmlabs.com/resources/blog/trm-deconflict-a-unified-network-for-every-crypto-investigator
🔗 https://www.trmlabs.com/resources/blog/trm-deconflict-a-unified-network-for-every-crypto-investigator
🗞️ Lack of isolation in agentic browsers resurfaces old vulnerabilities
🔗 https://blog.trailofbits.com/2026/01/13/lack-of-isolation-in-agentic-browsers-resurfaces-old-vulnerabilities/
🔗 https://blog.trailofbits.com/2026/01/13/lack-of-isolation-in-agentic-browsers-resurfaces-old-vulnerabilities/
January 13, 2026 at 12:30 PM
🗞️ Lack of isolation in agentic browsers resurfaces old vulnerabilities
🔗 https://blog.trailofbits.com/2026/01/13/lack-of-isolation-in-agentic-browsers-resurfaces-old-vulnerabilities/
🔗 https://blog.trailofbits.com/2026/01/13/lack-of-isolation-in-agentic-browsers-resurfaces-old-vulnerabilities/
🗞️ React Router has XSS Vulnerability · CVE-2025-59057
🔗 https://github.com/advisories/GHSA-3cgp-3xvw-98x8
🔗 https://github.com/advisories/GHSA-3cgp-3xvw-98x8
January 12, 2026 at 12:31 PM
🗞️ React Router has XSS Vulnerability · CVE-2025-59057
🔗 https://github.com/advisories/GHSA-3cgp-3xvw-98x8
🔗 https://github.com/advisories/GHSA-3cgp-3xvw-98x8
🗞️ Silent Rebuilds: Keeping Container CVE Counts Near-Zero
🔗 https://www.bretfisher.com/silent-rebuilds/
🔗 https://www.bretfisher.com/silent-rebuilds/
January 12, 2026 at 12:30 PM
🗞️ Silent Rebuilds: Keeping Container CVE Counts Near-Zero
🔗 https://www.bretfisher.com/silent-rebuilds/
🔗 https://www.bretfisher.com/silent-rebuilds/
January 10, 2026 at 12:32 PM
🗞️ International Cybercrime Operation Leads to 574 Arrests and USD 3 Million in Recovered Funds | TRM Blog
🔗 https://www.trmlabs.com/resources/blog/international-cybercrime-operation-leads-to-574-arrests-and-usd-3-million-in-recovered-funds-2
🔗 https://www.trmlabs.com/resources/blog/international-cybercrime-operation-leads-to-574-arrests-and-usd-3-million-in-recovered-funds-2
January 10, 2026 at 12:31 PM
🗞️ International Cybercrime Operation Leads to 574 Arrests and USD 3 Million in Recovered Funds | TRM Blog
🔗 https://www.trmlabs.com/resources/blog/international-cybercrime-operation-leads-to-574-arrests-and-usd-3-million-in-recovered-funds-2
🔗 https://www.trmlabs.com/resources/blog/international-cybercrime-operation-leads-to-574-arrests-and-usd-3-million-in-recovered-funds-2
January 10, 2026 at 12:30 PM
🗞️ How We Made Airflow Development 20x Faster | TRM Blog
🔗 https://www.trmlabs.com/resources/blog/how-we-made-airflow-development-20x-faster
🔗 https://www.trmlabs.com/resources/blog/how-we-made-airflow-development-20x-faster
January 9, 2026 at 12:37 PM
🗞️ How We Made Airflow Development 20x Faster | TRM Blog
🔗 https://www.trmlabs.com/resources/blog/how-we-made-airflow-development-20x-faster
🔗 https://www.trmlabs.com/resources/blog/how-we-made-airflow-development-20x-faster
🗞️ How Two UK-registered Companies Moved Over a Billion in Stablecoins for the IRGC | TRM Blog
🔗 https://www.trmlabs.com/resources/blog/how-two-uk-registered-companies-moved-over-a-billion-in-stablecoins-for-the-irgc
🔗 https://www.trmlabs.com/resources/blog/how-two-uk-registered-companies-moved-over-a-billion-in-stablecoins-for-the-irgc
January 9, 2026 at 12:36 PM
🗞️ How Two UK-registered Companies Moved Over a Billion in Stablecoins for the IRGC | TRM Blog
🔗 https://www.trmlabs.com/resources/blog/how-two-uk-registered-companies-moved-over-a-billion-in-stablecoins-for-the-irgc
🔗 https://www.trmlabs.com/resources/blog/how-two-uk-registered-companies-moved-over-a-billion-in-stablecoins-for-the-irgc
🗞️ Brew-vulns: CVE scanning for Homebrew
🔗 https://nesbitt.io/2026/01/08/brew-vulns-cve-scanning-for-homebrew.html
🔗 https://nesbitt.io/2026/01/08/brew-vulns-cve-scanning-for-homebrew.html
January 9, 2026 at 12:35 PM
🗞️ Brew-vulns: CVE scanning for Homebrew
🔗 https://nesbitt.io/2026/01/08/brew-vulns-cve-scanning-for-homebrew.html
🔗 https://nesbitt.io/2026/01/08/brew-vulns-cve-scanning-for-homebrew.html
🗞️ Exploiting deobfuscation in ImunifyAV for code execution (CVE-2025-65530)
🔗 https://blog.popovs.lv/imunifyav-code-execution/
🔗 https://blog.popovs.lv/imunifyav-code-execution/
January 9, 2026 at 12:34 PM
🗞️ Exploiting deobfuscation in ImunifyAV for code execution (CVE-2025-65530)
🔗 https://blog.popovs.lv/imunifyav-code-execution/
🔗 https://blog.popovs.lv/imunifyav-code-execution/
🗞️ CVE-2026-21876: Critical Multipart Charset Bypass Fixed in CRS 4.22.0 and 3.3.8
🔗 https://coreruleset.org/20260106/cve-2026-21876-critical-multipart-charset-bypass-fixed-in-crs-4.22.0-and-3.3.8/
🔗 https://coreruleset.org/20260106/cve-2026-21876-critical-multipart-charset-bypass-fixed-in-crs-4.22.0-and-3.3.8/
January 9, 2026 at 12:33 PM
🗞️ CVE-2026-21876: Critical Multipart Charset Bypass Fixed in CRS 4.22.0 and 3.3.8
🔗 https://coreruleset.org/20260106/cve-2026-21876-critical-multipart-charset-bypass-fixed-in-crs-4.22.0-and-3.3.8/
🔗 https://coreruleset.org/20260106/cve-2026-21876-critical-multipart-charset-bypass-fixed-in-crs-4.22.0-and-3.3.8/
🗞️ Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691)
🔗 https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/
🔗 https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/
January 9, 2026 at 12:32 PM
🗞️ Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691)
🔗 https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/
🔗 https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/
🗞️ [tl;dr sec] #310 - Vulnerable MCP Labs, Pathfinding.cloud, Prompt Injection Taxonomy
🔗 https://tldrsec.com/p/tldr-sec-310
🔗 https://tldrsec.com/p/tldr-sec-310
January 9, 2026 at 12:31 PM
🗞️ [tl;dr sec] #310 - Vulnerable MCP Labs, Pathfinding.cloud, Prompt Injection Taxonomy
🔗 https://tldrsec.com/p/tldr-sec-310
🔗 https://tldrsec.com/p/tldr-sec-310
🗞️ Ni8mare – Unauthenticated Remote Code Execution in N8n
🔗 https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858
🔗 https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858
January 9, 2026 at 12:30 PM
🗞️ Ni8mare – Unauthenticated Remote Code Execution in N8n
🔗 https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858
🔗 https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858