News, Research and more from Gecko

Why Static Analysis Struggles with Business Logic Vulnerabilities

Jan 27, 2026 by Jeevan Jutla

How Broken Access Controls in Cal.com Leaked Millions of Bookings and Enabled Complete Account Takeover

Jan 26, 2026 by Jeevan Jutla

How Gecko Discovered 30 0-Day Vulnerabilities No AppSec Tool Found

Jul 31, 2025 by Jeevan Jutla

CVE-2026-25055: n8n Arbitrary File Write on Remote Systems via SSH Node

Feb 4, 2026 by Gecko Security Research

CVE-2026-21894: n8n Missing Stripe-Signature Verification Allows Forged Webhooks

Feb 4, 2026 by Gecko Security Research

Business Logic Is AppSec's Unsolved Problem

Mar 2, 2026 by Jeevan Jutla

RCE in Your Test Suite: AI Agent Skills and the Attack Vector Skill Scanners Miss

Mar 11, 2026 by Jeevan Jutla