Security Research

CVSS 10.0: Unauthenticated RCE - One Malformed SSH Handshake is All it Takes

On April 16, 2025, CVE-2025-32433 was disclosed—a critical remote code execution (RCE) vulnerability.

NextJS Authorization Bypass (CVE-2025-29927) Highlights the Need for Stronger Runtime Security

Two researchers have recently discovered an authorization-bypass bug in the popular NextJS framework by Vercel. Tracked as CVE-2025-29927

IngressNightmare: How Runtime Changes the Game for Ingress-NGINX Kubernetes-Critical Vulnerabilities

A new set of high-severity vulnerabilities, collectively dubbed IngressNightmare, has been discovered by Wiz. Sweet keeps you secure.

CVE-2025-30066: tj-actions Supply Chain Attack

On Friday, a supply chain attack compromised the widely used GitHub Action tj-actions/changed-files, exposing secrets from numerous repos.

Of XZ and Unknown Unknowns

The recent XZ (liblzma) supply-chain attack is a marvel of social engineering and a great example of evading detection under the many-eyes..

From a Snowflake to a Snowball: How to Detect and Stop Impersonation Attacks

As reported, Snowflake, the data cloud company, is currently under fire for an account hacks campaign...

Responding to the CVE-2024-6387 (RegreSSHion) Vulnerability

Qualys research has discovered a critical Remote Code Execution (RCE) vulnerability, CVE-2024-6387, that has resurfaced in OpenSSH.

Defending Against the Latest Ghostscript Vulnerability (CVE-2024-29510)

Bleeping Computer has recently reported on a new vulnerability within Ghostscipt, a widely used library for handling PostScript and PDF file

Sweet Security Explains the '19 Capital One SSRF Breach

Welcome to CandyStore: Sweet Security’s Open Source Key-Value Storage

We’re excited to announce that Sweet Security has officially released CandyStore – an extremely fast open source key-value store