Swarm Intelligence

CovertSwarm's web testing agent identified a critical broken access control vulnerability in a retail subscription platform's GraphQL middleware. The platform enforced authentication on its auto-generated queries, but every custom action handler bypassed the permission layer entirely, returning customer PII, subscription data, and health assessments to unauthenticated requests. This is a step-by-step breakdown of how RAID found it in under two minutes.

fallback image

How RAID found unauthenticated customer data in a retail GraphQL API

CovertSwarm's web testing agent identified a critical broken access control vulnerability in a retail subscription platform's GraphQL middleware. The platform…

hidden vulnerabilities xrdp

When “Just Logging In” Isn’t Just Logging In: A Lookat xrdp and CVE-2026-33145

A quiet finding with real-world impact. CVE-2026-33145 shows how xrdp's AlternateShell feature, enabled by default, passes client-supplied input directly into…

Swarm Intelligence banner with redacted text

Project Glasswing is impressive. But what about the rest?

Anthropic's Project Glasswing is a serious step forward for technical security. But it covers one third of the attack surface.…

Swarm Intelligence banner with redacted text

Swarm Intelligence: Stryker’s Intune wipe proves your BCDR plan has a single point of failure

No malware. No ransomware. One compromised Global Admin account and the management console your IT team used this morning. The…

City surveillance at night

Claude Jailbroken To Attack Mexican Government Agencies

A threat actor jailbroke Claude to orchestrate a month-long attack on Mexican government networks, stealing 150 GB of sensitive data.…

iNTERCEPT - See the invisible

iNTERCEPT – How A Small RF Experiment Turned Into A Community SIGINT Platform

I've always been fascinated by RF. There's something about the fact that it's invisible, the fact that you might be…

Silhouette of person in dark environment representing insider threat in agentic IDE security with code and terminal windows in background

When Your IDE Becomes An Insider: Testing Agentic Dev Tools Against Indirect Prompt Injection

Agentic development tools don't need to bypass your firewall. They're already inside. And if an attacker can control what they…

Modern office building at night showing AI agent security risks with autonomous systems running in corporate networks

What Moltbook reveals about AI agent security

The Moltbook launch exposed a critical gap: organizations deploying AI agents faster than they can secure them. Research shows 22%…

Dark office environment showing interconnected multi-agent AI systems network visualization

Inject one agent, own them all: The cascading risk of multi-agent AI

Ninety percent of organizations are deploying AI agents. Most aren't monitoring what they do. Multi-agent systems amplify this blindspot: one…