research hub

Security research,
plainly explained

New analyses every week — vulnerabilities, exploits, and the attack patterns that matter. What the bug is, who's exposed, what to do about it before Monday.

CVE-2026-40815: Kubernetes admission-webhook bypass hands over cluster-admin
April 24, 2026 CVE
CVE-2026-40815: Kubernetes admission-webhook bypass hands over cluster-admin
CVE-2026-7733: LangChain PythonREPL tool sandbox escape via __import__
April 24, 2026 CVE
CVE-2026-7733: LangChain PythonREPL tool sandbox escape via __import__
CVE-2026-12091: npm postinstall supply-chain hijack via maintainer-account takeover
April 23, 2026 CVE
CVE-2026-12091: npm postinstall supply-chain hijack via maintainer-account takeover
CVE-2026-51893: GitLab SAML deserialization yields unauth RCE
April 23, 2026 CVE
CVE-2026-51893: GitLab SAML deserialization yields unauth RCE
Bitwarden CLI (@bitwarden/cli 2026.4.0): downstream victim of Checkmarx campaign, 'Shai-Hulud: The Third Coming' branding, Russian-locale kill switch
April 23, 2026 Threat intel
Bitwarden CLI (@bitwarden/cli 2026.4.0): downstream victim of Checkmarx campaign, 'Shai-Hulud: The Third Coming' branding, Russian-locale kill switch
CVE-2026-27701: JavaScript injection via PR title in LiveCode's GitHub Actions
April 22, 2026 CVE
CVE-2026-27701: JavaScript injection via PR title in LiveCode's GitHub Actions

Application security research.

ops@keepsecure.io

Quick Links
About ResearchHub Contact
Elsewhere
GitHubLinkedInX / Twitter
RSS

© 2026 keepsecure labs