research hub

Security research,
plainly explained

New analyses every week — vulnerabilities, exploits, and the attack patterns that matter. What the bug is, who's exposed, what to do about it before Monday.

The Bun runtime is becoming the malware delivery vehicle of 2026
April 30, 2026 Threat intel
The Bun runtime is becoming the malware delivery vehicle of 2026
How a GitHub Actions comment box became a supply-chain attack: elementary-data on PyPI and GHCR
April 30, 2026 Threat intel
How a GitHub Actions comment box became a supply-chain attack: elementary-data on PyPI and GHCR
Team PCP: tracking a six-week supply-chain campaign through Trivy, Checkmarx, Bitwarden, and beyond
April 30, 2026 Threat intel
Team PCP: tracking a six-week supply-chain campaign through Trivy, Checkmarx, Bitwarden, and beyond
Vercel's April 2026 incident: an OAuth-app supply chain in three hops
April 30, 2026 Threat intel
Vercel's April 2026 incident: an OAuth-app supply chain in three hops
The AI agent as confused deputy: a 2026 attack class
April 29, 2026 Analysis
The AI agent as confused deputy: a 2026 attack class
Four AI-coding-agent-stack CVEs you should patch first
April 29, 2026 Analysis
Four AI-coding-agent-stack CVEs you should patch first

Application security research.

ops@keepsecure.io

Quick Links
About ResearchHub Contact
Elsewhere
GitHubLinkedInX / Twitter
RSS

© 2026 keepsecure labs