Anvil Secure

🔍 New research: AQL injection in #ArangoDB Daniel Kachakil provides a definitive guide to #AQL injection and introduces aqlmap, a new open-source exploitation tool. Read the research: anvilsecure.com/blog/exploitin… #InfoSec #ApplicationSecurity

⚠️ A flaw in Claude’s Chrome extension let attackers inject prompts by just visiting a page. No clicks. A hidden iframe + XSS chain made the extension treat attacker input as real user commands, enabling data theft and actions like sending emails. 🔗 How the silent prompt injection worked → thehackernews.com/2026/03/claude…

Trivy supply-chain attack spreads to Docker, GitHub repos bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

Thrilled to announce that Dana Hehl has been promoted to Chief Operations Officer. 👏 She’s been instrumental in shaping how we deliver for clients, including how we think about AI. Read her latest blog post as she explains how Anvil is approaching AI and why human judgment still matters. 🔗 anvilsecure.com/blog/ai-at-anv… #CyberSecurity #InfoSec

Can you find the flag? 🚩 Try our Garmin #ReverseEngineering CTF from HammerCon 2025 and let us know if you solve it! Download the CTF file here: anvilsecure.com/blog/reverse-e…

Microsoft: Hackers abusing AI at every stage of cyberattacks bleepingcomputer.com/news/security/… #Security

For #InternationalWomensDay, we’re reflecting on this year’s theme: #GiveToGain. We asked the women on our team to share a moment of support that made a bigger difference in their careers than others might have realized. These experiences remind us that even small gestures of support can make a lasting difference. Happy International Women’s Day to the women on our team and to all those lifting others up across our industry! 🙌

Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

#ReverseEngineering Garmin watch applications just got easier.⌚ Introducing GhidraGarminApp, a custom Ghidra processor and loader for analyzing Garmin PRG binaries. Put it to the test in our CTF challenge. Let us know if you find the flag! 🚩 Write-up + CTF: anvilsecure.com/blog/reverse-e…

AI is becoming part of everyday criminal workflows - helpnetsecurity.com/2026/02/24/ai-… - #CyberSecurity #CyberCrime #ArtificialIntelligence #InfoSec #ThreatIntelligence #CyberSecurityNews

At @anvil_secure, curiosity is part of the job 🔍 Our engineers follow their instincts, problem-solve, and explore security gaps others miss. When we uncover something useful, we share it! Check out our latest research: anvilsecure.com/blog

Big congrats to Tao Sauvage on his promotion to Director of Research at @Anvil_Secure 🎉 Over the past year, Tao has grown our research program and driven a major increase in our research output. He’s encouraged more engineers to get involved and expanded how we share practical research and tooling with the wider #infosec community. Well deserved!

🇵🇹#HammerCon 2026 was something special! The @anvil_secure team gathered in Estoril, Portugal for a few days of knowledge-sharing, collaboration, and fun. Among the highlights: 16 talks, 18 presenters, 1 research brainstorming session, a new CTF champion (Shoshana Makinen), an off-road jeep tour, dozens of natas, fresh seafood, one birthday, and four days of laughs and shared memories. Muito bem!

More than 80% of online time is spent in mobile apps, yet many iOS apps are never formally security tested. In a new post, @anvil_secure's Anatolii S. shows how to pentest iOS apps without a jailbreak, and introduces IPAAutoDec, an open-source automation tool for streamlining iOS app decryption via SSH.📱🔐 Read here: anvilsecure.com/blog/locked-up… #iOSSecurity #AppSec #Pentesting

Fortinet blocks exploited FortiCloud SSO zero day until patch is ready - @LawrenceAbrams bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…