Vulnerabilities

Stay ahead of cyber threats with our deep dives into software vulnerabilities. Explore technical breakdowns, CVE analysis, and expert remediation strategies.

If “stdio” is a Vulnerability, So Is “git clone” – Notes on Riding the AI Vulnerability Trend

A developer clones a repository and opens it in VS Code at 10:47 a.m. Before...

CVE-2026-0968: The libssh Heap Read That Isn’t as Scary as Scanners Say

A missing null check in libssh’s SFTP directory listing code lets a malicious server crash...

The Library That Holds All Your AI Keys Was Just Backdoored: The LiteLLM Supply Chain Compromise

We just published a deep breakdown of the Trivy supply chain attacks yesterday. Twenty-four hours...

When Your Friend’s House Burns Down Twice: The Trivy Supply Chain Attacks Explained

We’ve been going back and forth on whether to publish this post. As the maintainers...

Signature Verification Bypass in Authlib (CVE-2026-28802): What Cloud Security Teams Need to Know

OAuth and OpenID Connect are the backbone of modern cloud-native identity and access management. From...

Four Critical RCE Vulnerabilities in n8n: What Cloud Security Teams Need to Know

Automation platforms sit at the center of modern infrastructure. They connect APIs, databases, CI/CD pipelines,...

See the Attack Before It Lands: What the ARMO-Rapid7 Partnership Unlocks

The ARMO-Rapid7 partnership connects broad attack surface coverage with deep cloud and Kubernetes runtime security...

MongoBleed (CVE-2025-14847): Unauthenticated Memory Disclosure in MongoDB

A newly disclosed MongoDB vulnerability, tracked as CVE-2025-14847 and informally referred to as MongoBleed, allows...

Three New High-Severity Vulnerabilities in runc: What You Need to Know

Within 24 hours, three new high-severity vulnerabilities were disclosed in runc, the low-level runtime that...

ARMO Monthly Product Roundup – November 2025 

Hi there, We’ve just dropped a fresh batch of updates to help you cut through the...

Can We Manage Vulnerabilities with Two Giants in the Room?

Recently, the EU officially launched its vulnerability catalog: the European Vulnerability Database (EUVD). This move...

The Future of CVE Is at Risk – What the End of MITRE’s Role Could Mean for Cybersecurity

With DHS ending MITRE’s CVE funding, the future of global vulnerability tracking is uncertain. Here’s...
