BLOG

Pwn My Ride: Exploring the CarPlay Attack Surface

Pwn My Ride: Exploring the CarPlay Attack Surface

September 9, 2025

Tackling the Top CWEs from CISA’s KEV List with Oligo

September 22, 2025

The Hidden Risks of the NPM Supply Chain Attacks: AI Agents

September 16, 2025

The SOC Visibility Quad: Why Application Visibility Completes the SOC in 2025

August 27, 2025

Malicious Packages Don’t Stop at CI: How Oligo CADR Brings Supply-Chain Detection to Runtime

Bridging the Runtime Gap: Insights from Frost & Sullivan’s 2025 Cloud / Application Runtime Security Report

Instant Cloud-to-Code Risk Remediation with Oligo MCP

Endor Labs & Oligo: Closing the Loop Between Secure Code and Secure Runtime

The Application Attack Matrix: Mapping the Modern Cloud Application Threat Landscape

New Sudo Vulnerabilities: CVE-2025-32462 and CVE-2025-32463

Critical RCE Vulnerability in Anthropic MCP Inspector - CVE-2025-49596

Securing the Future of AI: Oligo Named an AI Security Innovator in Latio’s 2025 Market Report

Not All eBPF Sensors Are Created Equal: Why Depth Matters in Runtime Security

Shadow Vulnerability

Safe By Default or Vulnerable By Design? Golang Server Side Template Injection

What I Learned Switching from Traditional AppSec to Prioritized Fixing

Beyond Workload Detection: How Oligo Delivers Full-Stack Runtime Security

Airborne: Wormable Zero-Click Remote Code Execution (RCE) in AirPlay Protocol Puts Apple & IoT Devices at Risk

The Rise of Vulnerability Exploitation as an Initial Attack Vector

CVE Funding Almost Expired: What You Need to Know

Vibe Coding: Shipping Features or Shipping Vulnerabilities?

What is Application Detection and Response (ADR)? 2025 Guide

Uncovering the Hidden Risks: How Oligo Identifies 1100% More Vulnerable Functions

ByBit $1.5B Crypto Heist: ADR Best Practices and Lessons Learned

Observability Revolutions in Oligo's Runtime Sensor

Shadow Vulnerability

Shadow Vulnerabilities in AI: The Hidden Perils Beyond CVEs

ADR vs. CDR: Why Application Detection and Response is the Key to Stopping Modern Attacks

February 25, 2025

Critical Vulnerabilities in AirPlay Protocol Affecting Multiple Apple Devices

January 28, 2025

Shadow Vulnerability

CVE-2024-50050: Critical Vulnerability in meta-llama/llama-stack

January 23, 2025

ADR vs. RASP: It’s All About the TCO

Jeanette Sherman

November 20, 2024

More Models, More ProbLLMs

October 30, 2024

New Remote Code Execution (RCE) Vulnerabilities in CUPS for Linux: Threats and Mitigations

September 28, 2024

Oligo Platform News: Operationalization & Workflows Updates

Jeanette Sherman

September 26, 2024

The No-Blind-Spot Software Supply Chain: How Oligo Sees It All

Jeanette Sherman

September 23, 2024

Shadow Vulnerability

Shining a Light on Shadow Vulnerabilities

September 19, 2024

Oligo Wins SC Award for Best Supply Chain Security Solution

Nadav Czerninski

September 17, 2024

Oligo Named Finalist by SC Awards for Best Supply Chain Solution of 2024

Nadav Czerninski

September 3, 2024

Shadow Vulnerability

TensorFlow Keras Downgrade Attack: CVE-2024-3660 Bypass

August 20, 2024

Shadow Vulnerability

0.0.0.0 Day: Exploiting Localhost APIs From the Browser

Recent CrowdStrike Outage Emphasizes the Need for eBPF-Based Sensors

Now Showing in the Oligo Application Defense Platform: Direct and Transitive Dependencies

Jeanette Sherman

Shadow Vulnerability

Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough

Critical RCE Vulnerabilities in OpenSSH (CVE-2024-6387, CVE-2024-6409) - How to Detect and Mitigate

App-Level eBPF Applications - User vs. Kernel Probes

Practical AppSec, Part II: The Limitations of “Shift Left” (and Why Runtime Is the Right Time)

Jeanette Sherman

Shadow Vulnerability

Oligo ADR in action: PaddlePaddle Shadow Vulnerability

Nitzan Mousseri

Oligo Security Named to Rising in Cyber 2024

Nadav Czerninski

Shadow Vulnerability

Oligo ADR in Action: LLM Prompt Injection

Nitzan Mousseri

Deep Dive on the XZ Backdoor: CVE 2024-3094 Enables Remote Code Execution in XZ (5.6.0-5.6.1)

Jeanette Sherman

XZ-actly What You Need (CVE-2024-3094): Detecting Exploitation with Oligo

Nitzan Mousseri

Shadow Vulnerability

ShadowRay: First Known Attack Campaign Targeting AI Workloads Actively Exploited In The Wild

The Definitive Guide to Runtime Vulnerability Prioritization

On Loaded vs. Executed Libraries During Runtime – What This Means for Reachability

February 28, 2024

Practical AppSec, Part I: Why Devs Don’t Trust AppSec Findings (And What You Can Do About It)

Jeanette Sherman

February 12, 2024

Oligo’s Best Features of 2023 (And an Exciting Sneak Peek at 2024)

January 30, 2024

AppSec in the Age of AI: Predicting Challenges and Opportunities

Nadav Czerninski

December 19, 2023

Shadow Vulnerability

ShellTorch: Multiple Critical Vulnerabilities in PyTorch TorchServe Threatens Countless AI Users

October 3, 2023

Oligo and WebP 0-Day: Keep Calm and Check the Runtime Context

September 28, 2023

4 Tips for Adopting a Practical Approach to AppSec

September 18, 2023

Scaling Runtime Security: How eBPF is Solving Decade-Long Challenges

Revolutionizing the Game of Application Security

February 15, 2023

Introducing Oligo: Leading Application Security to Runtime

Nadav Czerninski

February 14, 2023