Resources
Radical thinking and constant research inform all we do. Think ahead with shared intelligence from our Swarm of ethical hackers.
When “Just Logging In” Isn’t Just Logging In: A Lookat xrdp and CVE-2026-33145
A quiet finding with real-world impact. CVE-2026-33145 shows how xrdp's AlternateShell feature, enabled by default, passes client-supplied input directly into…
Mythos found a $20,000 bug. It won’t tell you who’s already inside.
Anthropic's Mythos has dominated the security conversation this week. But the debate about whether it's overhyped is the wrong argument.…
CovertSwarm launches RAID: Our red team AI division
CovertSwarm COO Luke Potter announces RAID, our Red Team AI Division, and why real adversaries made it non-negotiable.
What kills new CISOs in their first 90 days – it’s not attackers.
The pen test report. The risk register. The green dashboard. They feel like facts. They're not. They're a record of…
CVE-2026-33727 – When “Low Privilege” Isn’t Low Enough: A Pi-hole LPE Story
Pi-hole's pihole user is low-privileged. It's configured with nologin. It looks contained. It isn't. Here's how a writable file and…
Proof of Human solves the bot problem. It doesn’t solve the people problem.
World ID can prove a real human is behind an account. It can't prove that human hasn't already been phished,…
Too many rules, no real test: Untangling US Cyber Disclosure
The US has no single federal data breach notification law, just a growing patchwork of SEC rules, HIPAA, state obligations,…
Project Glasswing is impressive. But what about the rest?
Anthropic's Project Glasswing is a serious step forward for technical security. But it covers one third of the attack surface.…
Swarm Intelligence: LiteLLM was the end of the chain, not the beginning.
LiteLLM's PyPI package was backdoored for under an hour on March 24. SSH keys, cloud credentials, and CI/CD secrets exfiltrated…