Exhibit A(I): Claude Code Leak Turns Curiosity Into a Malware Trap
A Claude Code source leak became bait for GitHub malware, exposing the legal and operational gap between leaked code and trusted software.
Karla Ortiz-Flores
Policy Roast: LinkedIn Wants Enterprise Trust While Secretly Fingerprinting Its Users
LinkedIn's extension fingerprinting scandal is not just creepy. It creates privacy, vendor-risk, and legal exposure for the companies whose employees use it.
Explain This: CrewAI Vulnerability Chain and AI Agent Attack Surface
Four unpatched CVEs in CrewAI expose how AI agent frameworks become attack vectors through prompt injection and code execution chains.
Explain This: Device Code Phishing Attacks and OAuth Abuse
Device code phishing surged 37x as attackers exploit OAuth's TV login flow to steal credentials without triggering MFA alerts.
Policy Roast: The FTC's AI Enforcement Unfairness Doctrine Is Dangerously Vague
When 'unfair AI practices' means whatever the FTC decides it means this week, compliance becomes a moving target.
Breach Autopsy: Change Healthcare and the $22M Ransom That Broke US Pharmacies
When a single ransomware attack on a healthcare clearinghouse disrupts prescriptions nationwide, the third-party risk math changes.
Exhibit A(I): You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701) - watchTowr Labs
Recent exploits in the Progress ShareFile platform through CVE-2026-2699 and CVE-2026-2701 reveal critical vulnerabilities that could expose confidential data to unauthorized users.