Runtime Exploit Blocking: Protection for the AI Era

Critical Apache Tomcat Flaw Allows Full Server and Application Takeover (CVE-2026-29146)

Broken by Default: New Vulnerabilities in IBM WebSphere Liberty Can Lead to Full Server Compromise

TeamPCP Campaign: The Evolution of Modern Supply Chain Attacks

Malicious axios Packages Published via Compromised Credentials: What Happened and Recommended Actions

Vulnerability Management Needs a New Executive Lens at Runtime

Docling RCE: A Shadow Vulnerability Introduced via PyYAML (CVE-2026-24009)

Show Me the Call Stack: Proving Exploitability with Runtime Evidence

Reflecting on a Breakthrough Year

Critical React & Next.js RCE Vulnerability (CVE-2025-55182 & CVE-2025-66478): What You Need To Know

Critical Vulnerabilities in FluentBit Expose Cloud Environments to Remote Takeover

ShadowRay 2.0: Attackers Turn AI Against Itself in Global Campaign that Hijacks AI Into Self-Propagating Botnet

ShadowMQ: How Code Reuse Spread Critical Vulnerabilities Across the AI Ecosystem

The Future of Cloud Security is Runtime

CVE-2025-61882: Oracle E-Business Suite Zero-Day Exploited in Clop Extortion Campaigns

Why EDR Missed the GeoServer Exploit: The Case for Cloud Application Detection & Response (CADR)

Tackling the Top CWEs from CISA’s KEV List with Oligo

The Hidden Risks of the NPM Supply Chain Attacks: AI Agents

Pwn My Ride: Exploring the CarPlay Attack Surface

The SOC Visibility Quad: Why Application Visibility Completes the SOC in 2025

Malicious Packages Don’t Stop at CI: How Oligo CADR Brings Supply-Chain Detection to Runtime

Bridging the Runtime Gap: Insights from Frost & Sullivan’s 2025 Cloud / Application Runtime Security Report

Instant Cloud-to-Code Risk Remediation with Oligo MCP

Endor Labs & Oligo: Closing the Loop Between Secure Code and Secure Runtime

The Application Attack Matrix: Mapping the Modern Cloud Application Threat Landscape

New Sudo Vulnerabilities: CVE-2025-32462 and CVE-2025-32463

Critical RCE Vulnerability in Anthropic MCP Inspector - CVE-2025-49596

Securing the Future of AI: Oligo Named an AI Security Innovator in Latio’s 2025 Market Report

Not All eBPF Sensors Are Created Equal: Why Depth Matters in Runtime Security

Safe By Default or Vulnerable By Design? Golang Server Side Template Injection

What I Learned Switching from Traditional AppSec to Prioritized Fixing

Beyond Workload Detection: How Oligo Delivers Full-Stack Runtime Security

Airborne: Wormable Zero-Click Remote Code Execution (RCE) in AirPlay Protocol Puts Apple & IoT Devices at Risk

The Rise of Vulnerability Exploitation as an Initial Attack Vector

CVE Funding Almost Expired: What You Need to Know

Vibe Coding: Shipping Features or Shipping Vulnerabilities?

What is Application Detection and Response (ADR)? 2025 Guide

Uncovering the Hidden Risks: How Oligo Identifies 1100% More Vulnerable Functions

ByBit $1.5B Crypto Heist: ADR Best Practices and Lessons Learned

Observability Revolutions in Oligo's Runtime Sensor

Shadow Vulnerabilities in AI: The Hidden Perils Beyond CVEs

ADR vs. CDR: Why Application Detection and Response is the Key to Stopping Modern Attacks

Critical Vulnerabilities in AirPlay Protocol Affecting Multiple Apple Devices

CVE-2024-50050: Critical Vulnerability in meta-llama/llama-stack

ADR vs. RASP: It’s All About the TCO

More Models, More ProbLLMs

New Remote Code Execution (RCE) Vulnerabilities in CUPS for Linux: Threats and Mitigations

Oligo Platform News: Operationalization & Workflows Updates

The No-Blind-Spot Software Supply Chain: How Oligo Sees It All

Shining a Light on Shadow Vulnerabilities

Oligo Wins SC Award for Best Supply Chain Security Solution

Oligo Named Finalist by SC Awards for Best Supply Chain Solution of 2024

TensorFlow Keras Downgrade Attack: CVE-2024-3660 Bypass

0.0.0.0 Day: Exploiting Localhost APIs From the Browser

Recent CrowdStrike Outage Emphasizes the Need for eBPF-Based Sensors

Now Showing in the Oligo Application Defense Platform: Direct and Transitive Dependencies

Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough

Critical RCE Vulnerabilities in OpenSSH (CVE-2024-6387, CVE-2024-6409) - How to Detect and Mitigate

App-Level eBPF Applications - User vs. Kernel Probes

Practical AppSec, Part II: The Limitations of “Shift Left” (and Why Runtime Is the Right Time)

Oligo ADR in action: PaddlePaddle Shadow Vulnerability

Oligo Security Named to Rising in Cyber 2024

Oligo ADR in Action: LLM Prompt Injection

Deep Dive on the XZ Backdoor: CVE 2024-3094 Enables Remote Code Execution in XZ (5.6.0-5.6.1)

XZ-actly What You Need (CVE-2024-3094): Detecting Exploitation with Oligo

ShadowRay: First Known Attack Campaign Targeting AI Workloads Actively Exploited In The Wild

The Definitive Guide to Runtime Vulnerability Prioritization

On Loaded vs. Executed Libraries During Runtime – What This Means for Reachability

Practical AppSec, Part I: Why Devs Don’t Trust AppSec Findings (And What You Can Do About It)

Oligo’s Best Features of 2023 (And an Exciting Sneak Peek at 2024)

AppSec in the Age of AI: Predicting Challenges and Opportunities

ShellTorch: Multiple Critical Vulnerabilities in PyTorch TorchServe Threatens Countless AI Users

Oligo and WebP 0-Day: Keep Calm and Check the Runtime Context

4 Tips for Adopting a Practical Approach to AppSec

Closing the Gap: Exploring SCA Limitations and the Rise of Runtime Security

Scaling Runtime Security: How eBPF is Solving Decade-Long Challenges

Revolutionizing the Game of Application Security

Introducing Oligo: Leading Application Security to Runtime

State of AI in production 2026