@FWD_SEC profile picture
Forward Security @FWD_SEC

Forward's highly accomplished team specializes in application and cloud security services. Straight talk, technical leadership, and excellence are in our DNA.

Joined December 2018
  • Tweets 766
  • Following 137
  • Followers 250
273 Photos and videos
New Fragnesia Linux flaw lets attackers gain root privileges bleepingcomputer.com/news/se… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

New Fragnesia Linux flaw lets attackers gain root privileges

Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnasia and tracked as CVE-2026-46300) that allows attackers to run malicious code...

bleepingcomputer.com
7
How AI Was Tricked Into Stealing $150,000 From Grok Wallet tech.yahoo.com/cybersecurity… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

How AI Was Tricked Into Stealing $150,000 From Grok Wallet

An attacker used a gifted NFT and crafted prompt to drain $150K from Grok's Bankr wallet, with 80% now returned.

tech.yahoo.com
4
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign thehackernews.com/2026/04/bi… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious npm code

thehackernews.com
4
New Checkmarx supply-chain breach affects KICS analysis tool bleepingcomputer.com/news/se… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

New Checkmarx supply-chain breach affects KICS analysis tool

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments.

bleepingcomputer.com
4
Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials thehackernews.com/2026/04/ve… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

Context.ai breach enabled Google Workspace takeover at Vercel, exposing limited customer credentials and prompting $2M data sale claim.

thehackernews.com
3
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain thehackernews.com/2026/04/an… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

MCP design flaw enables RCE across 7,000 servers and 150M downloads, impacting AI SDKs and supply chains.

thehackernews.com
17
Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854) wiz.io/blog/github-rce-vulne… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

GitHub · Change is constant. GitHub keeps you ahead.

Join the world's most widely adopted, AI-powered developer platform where millions of developers, businesses, and the largest open source community build software that advances humanity.

github.com
8
A GitHub Issue Title Compromised 4,000 Developer Machines grith.ai/blog/clinejection-w… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

A GitHub Issue Title Compromised 4,000 Developer Machines

A prompt injection in a GitHub issue triggered a chain reaction that ended with 4,000 developers getting OpenClaw installed without consent. The attack composes well-understood vulnerabilities into...

grith.ai
1
135
Open AI says Codex Security found 11,000 high impact bugs in a month csoonline.com/article/414235… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

OpenAI says Codex Security found 11,000 high-impact bugs in a month

The new AI-driven AppSec tool reportedly uncovered hundreds of critical flaws and thousands of high-severity issues during early testing.

csoonline.com
9
The TeamPCP supply chain attack evolves The malicious campaign started with Trivy and Checkmarx and has shifted to LiteLLM — and now telnix. Here's how. reversinglabs.com/blog/teamp… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

Inside the TeamPCP cascading supply chain attack | RL Blog

The malicious campaign that started with Trivy and Checkmarx has shifted to LiteLLM. Here's how — and what's different this time.

reversinglabs.com
6
SolarWinds took a nation-state. The next attack just needs an LLM and $5. endorlabs.com/learn/software… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

SolarWinds took a nation-state. The next attack just needs an LLM and $5. | Blog | Endor Labs

Software supply chain attacks once required nation-state resources, but now AI has collapsed the cost of offense to pocket change.

endorlabs.com
1
1
2
68
Cybersecurity Teams Embrace AI, Just Not at the Scale Marketing Suggests infosecurity-magazine.com/ne… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

Security Teams Embrace AI, Just Not at the Scale Marketing Suggests

Despite the seemingly widespread adoption of AI for security operations, security leaders primarily use it for “relatively basic use cases,” said a Sumo Logic study

infosecurity-magazine.com
2
Darktrace Flags 32 Million Phishing Emails in 2025 as Identity Attacks Intensify infosecurity-magazine.com/ne… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

Darktrace Flags 32 Million Phishing Emails in 2025 as Identity Attacks

2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities

infosecurity-magazine.com
2
Attackers finally get around to exploiting critical Microsoft bug from 2024 theregister.com/2026/02/13/c… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

Critical Microsoft bug from 2024 under exploitation

: As if admins haven't had enough to do this week

theregister.com
1
3
Meta AI alignment director shares her OpenClaw email-deletion nightmare: 'I had to RUN to my Mac mini' businessinsider.com/meta-ai-… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

Meta AI alignment director shares her OpenClaw email-deletion nightmare: 'I had to RUN to my Mac...

Meta alignment director Summer Yue hooked OpenClaw up to her inbox. Then, the bot tried to delete her emails. Yue chalked it up to a "rookie mistake."

businessinsider.com
10
Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models thehackernews.com/2026/02/mi… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models

Microsoft develops a lightweight scanner that detects backdoors in open-weight LLMs using three behavioral signals, improving AI model security and tr

thehackernews.com
12
Gemini Trifecta Highlights Dangers of Indirect Prompt Injection infosecurity-magazine.com/ne… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

Gemini Trifecta Highlights Dangers of Indirect Prompt Injection

Tenable researchers have discovered three vulnerabilities in Google’s Gemini GenAI tool

infosecurity-magazine.com
12
One-click RCE on Clawd/Moltbot in under 2 hours with Hackian ethiack.com/news/blog/one-cl… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

One-click RCE on OpenClaw in under 2 hours with an Autonomous Hacking Agent | Ethiack — Autonomous...

Our AI pentester, Hackian, found a RCE on Openclaw by hacking it fully autonomously in under 2 hours. Learn how and read the logs in this blog.

ethiack.com
8
Small Open-Source Maintainers Targeted by VS Code Tasks Malware At least 21 small OSS maintainers hit in 72 hours via malicious VS Code task configurations opensourcemalware.com/blog/o… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

OpenSourceMalware.com - Community Threat Intelligence

Community-driven threat intelligence. Human-verified supply chain threats from every major open source ecosystem.

opensourcemalware.com
17
TransUnion suffers data breach impacting over 4.4 million people bleepingcomputer.com/news/se… #DevSecOps #SecDevOps #ApplicationSecurity #AppSec #CloudSecurity #CloudSec #SoftwareSecurity

TransUnion suffers data breach impacting over 4.4 million people

Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of over 4.4 million people in the United States, with BleepingComputer learning the data...

bleepingcomputer.com
14
Load more