Kevin Lackey

May 7, 2026

THE GLASWING ERA: AI-POWERED VULNERABILITY DISCOVERY AND WHAT IT MEANS FOR CYBER UNDERWRITING

Anthropic’s Mythos Preview and Project Glasswing have redrawn the cyber threat landscape. This brief explains what changed, what it means for risk selection and pricing, and […]
April 24, 2026

CyRisk Named Cyber Underwriting Technology Provider of the Year at the 2026 Intelligent Insurer Cyber Insurance Awards USA 

“Platform Recognized as “Truly Next Generation” by an International Panel of Senior Insurance Industry Judges”  CyRisk, the leading cyber risk intelligence platform purpose-built for underwriters and […]
December 10, 2025

Critical Unauthenticated RCE in React Server Components (React2Shell, CVE-2025-55182)

Executive summary CVE-2025-55182 (“React2Shell”) is a CVSS 10.0 unauthenticated remote code execution vulnerability in React Server Components (RSC) that enables arbitrary code execution on affected servers […]
August 11, 2025

CVE-2019-7481: SonicWall SMA100 SQL Injection and Its Role in Ransomware

CVE-2019-7481: SonicWall SMA100 SQL Injection and Its Role in Ransomware Summary: CVE-2019-7481 is a critical SQL injection in SonicWall SMA100 devices. Despite a 2019 disclosure, it […]
July 26, 2025

CVE-2024-47948: Path Traversal Vulnerability in JetBrains TeamCity

Comprehensive Analysis of CVE-2024-47948: JetBrains TeamCity Path Traversal Vulnerability CVE ID: CVE-2024-47948 CVSS Score: 7.5/10 (High) CWE Classification: CWE-22 (Improper Limitation of a Pathname to a […]
July 25, 2025

CVE-2024-47949 Path Traversal Vulnerability Analysis

Comprehensive Research Report: CVE-2024-47949 Executive Summary CVE-2024-47949 is a high-severity path traversal vulnerability in JetBrains TeamCity affecting versions prior to 2024.07.3. The flaw enables attackers to […]
July 25, 2025

CVE-2024-47950: Stored XSS Vulnerability in JetBrains TeamCity

Comprehensive Analysis of CVE-2024-47950: JetBrains TeamCity Stored XSS Vulnerability 1. Threat Intelligence CVE-2024-47950, a stored Cross-Site Scripting (XSS) vulnerability in JetBrains TeamCity’s Backup configuration settings, was […]
July 25, 2025

CVE-2024-47951: JetBrains TeamCity Stored XSS Vulnerability Analysis

Comprehensive Analysis of CVE-2024-47951: JetBrains TeamCity Stored XSS Vulnerability 1. Vulnerability Overview CVE-2024-47951 is a stored Cross-Site Scripting (XSS) vulnerability in JetBrains TeamCity CI/CD platform, affecting […]
July 25, 2025

CVE-2024-50379: Critical RCE Vulnerability in Apache Tomcat

Comprehensive Research Report: CVE-2024-50379 (Apache Tomcat TOCTOU RCE) CVE-2024-50379 is a critical remote code execution (RCE) vulnerability caused by a Time-of-check Time-of-use (TOCTOU) race condition in […]
July 25, 2025

CVE-2024-5458: PHP URL Filter Bypass Vulnerability Analysis

Comprehensive Analysis of CVE-2024-5458: PHP URL Filter Bypass Vulnerability CVE-2024-5458 is a medium-severity vulnerability in PHP’s URL validation functionality, enabling attackers to bypass security checks by […]
July 25, 2025

CVE-2024-54677: Uncontrolled Resource Consumption in Apache Tomcat

Comprehensive Analysis of CVE-2024-54677: Uncontrolled Resource Consumption in Apache Tomcat 1. Vulnerability Overview CVE-2024-54677 is a Medium Severity (CVSS: 5.3) Uncontrolled Resource Consumption (CWE-400) vulnerability discovered […]
July 25, 2025

CVE-2024-5535: OpenSSL Buffer Overread Vulnerability Analysis

Comprehensive Analysis of CVE-2024-5535: OpenSSL SSL_select_next_proto Buffer Overread Vulnerability CVE-2024-5535 represents a high-severity buffer overread vulnerability in OpenSSL’s SSL_select_next_proto function, capable of exposing up to 255 […]