CVE-2025-60021 (CVSS 9.8): Command injection in Apache bRPC heap profiler

This research is published following the public release of a fix and CVE, in accordance with coordinated vulnerability disclosure best practices. CVE-2025-60021, a critical command injection issue in Apache bRPC's /pprof/heap profiler endpoint, was identified during broader analysis of diagnostic and debugging surfaces in the framework. The issue was discovered using Vulnhalla, CyberArk Labs' AI tool that assists in triaging CodeQL results using an LLM.
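As an added illustration of the vulnerability class named above (it is not Apache bRPC's code and does not reproduce CVE-2025-60021): a generic diagnostics handler that interpolates a request parameter into a shell command line, beside a hardened version that validates the parameter and passes arguments as a list with no shell in between. The tool name `prof-tool`, the `--seconds` parameter and the output path are assumptions made for the example.

```python
"""Command injection in a diagnostics endpoint: vulnerable pattern vs. hardened form.

Generic example, not Apache bRPC code and not a reproduction of CVE-2025-60021.
`prof-tool`, `--seconds` and the output path are assumptions for illustration.
"""
import re
import shlex
import subprocess

PROF_TOOL = "prof-tool"          # assumed external symbolizer/profiler binary
OUTPUT_PATH = "/tmp/profile.out"  # assumed output location


def vulnerable_command(user_value: str) -> str:
    """The vulnerable pattern: untrusted request data interpolated into one
    string that is later handed to a shell (e.g. system() or shell=True)."""
    return f"{PROF_TOOL} --heap --seconds={user_value} {OUTPUT_PATH}"


def shell_view(command: str) -> list[str]:
    """Tokenise a command line the way a POSIX shell would, so the effect of
    metacharacters in the interpolated value becomes visible."""
    lexer = shlex.shlex(command, punctuation_chars=True)
    return list(lexer)


# Hardened handling: allow-list the parameter's shape before it goes anywhere.
_SECONDS = re.compile(r"[0-9]{1,4}")


def accepts(user_value: str) -> bool:
    """True only for a short, purely numeric duration."""
    return _SECONDS.fullmatch(user_value) is not None


def hardened_argv(user_value: str) -> list[str]:
    """Validated value placed in its own argv element; no shell is involved,
    so `;`, `|`, `$()` and friends are inert bytes inside one argument."""
    if not accepts(user_value):
        raise ValueError("rejected profiler parameter")
    return [PROF_TOOL, "--heap", f"--seconds={user_value}", OUTPUT_PATH]


def run_profiler(user_value: str) -> subprocess.CompletedProcess:
    """Execute the hardened argv directly (shell=False is the default for a
    list argument). Not invoked at import time because `prof-tool` is assumed."""
    return subprocess.run(hardened_argv(user_value), check=True, capture_output=True)


if __name__ == "__main__":
    injected = "10; id"
    print("shell sees:", shell_view(vulnerable_command(injected)))
    print("hardened accepts injected value:", accepts(injected))
    print("hardened argv for '10':", hardened_argv("10"))
```

Running the module prints how the shell splits `10; id` into a second command, while the hardened path rejects the same value outright and, for a valid value, keeps it confined to a single argv element.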

CVE-2026-22610: Angular Template Compiler XSS Vulnerability Enabling Client-Side Script Execution

Angular applications often rely on the framework's built-in protections to handle user input safely. A recently disclosed vulnerability shows how a gap in those protections can lead to client-side attacks. The flaw lies in Angular's template sanitization logic: improper handling of SVG elements during template compilation allows attackers to execute arbitrary JavaScript in a user's browser.

Nightfall DLP 2026: Corporate v. Personal Session Differentiation | Live Demo

See the future of data loss prevention in action. This live demo showcases Nightfall's breakthrough session differentiation technology that intelligently blocks sensitive file uploads to personal cloud accounts while seamlessly allowing them in corporate environments.

Security Priorities and Expectations: A Board Level Overview

Compliance. Reporting. Risk visibility. These are no longer checkbox exercises in the boardroom. Today’s boards expect more than confirmation that regulations are being met. With evolving threats and AI-driven risk, they want regular, structured visibility into vulnerabilities, before gaps turn into incidents.

What is API Security Management? A Complete Guide

The fact that you're here suggests that APIs are already costing you or your security team sleep, whether because of the 99% of organizations reporting API security issues in recent surveys or because of a compliance or client mandate. We know you are (or fear you soon will be) grappling with shadow APIs, misconfigured endpoints leaking sensitive data, BOLA (broken object level authorization), unauthorized access, and more.

CrowdStrike Named a Customers' Choice in 2026 Gartner Voice of the Customer for Endpoint Protection Platforms

In today's threat landscape, an effective endpoint protection platform (EPP) is the cornerstone of an organization’s security posture. Built on this foundation, the CrowdStrike Falcon platform has established itself as a pioneer of AI-native security, enabling organizations across every sector and size to unify and automate their defenses across endpoint, identity, cloud, and data.

Types of Web App Attacks Explained by Experts

Web applications process billions of transactions every day, handling everything from user credentials to financial records. This constant exchange of data makes them prime targets for attackers seeking data theft or service disruption. Modern web application attacks are increasingly sophisticated, going beyond simple injection to exploit authentication flows, business logic, and API integrations.

From IDE to CLI: Securing Agentic Coding Assistants

Today we're excited to announce that Zenity now protects the most powerful, enterprise-critical coding assistants (Cursor, Claude Code, and GitHub Copilot) from build time to runtime. As AI becomes a first-class developer tool, Zenity gives security teams the visibility and control they need to safely embrace coding assistants everywhere they are used: in IDEs, in CLIs, or in the cloud.