News, Research, and more from Gecko

Jan 27, 2026Research

Why Static Analysis Struggles with Business Logic Vulnerabilities

Jeevan Jutla

Jeevan Jutla8 minute read

Jan 26, 2026Research

How Broken Access Controls in Cal.com Leaked Millions of Bookings and Enabled Complete Account Takeover

Jeevan Jutla

Jeevan Jutla7 minute read

Jul 31, 2025Research

How Gecko Discovered 30 0-Day Vulnerabilities No AppSec Tool Found

Jeevan Jutla

Jeevan Jutla5 minute read

CVE-2026-25055: n8n Arbitrary File Write on Remote Systems via SSH Node

Artemiy Malyshau

Artemiy Malyshau2 minute read

CVE-2026-21894: n8n Missing Stripe-Signature Verification Allows Forged Webhooks

Artemiy Malyshau

Artemiy Malyshau3 minute read

Mar 2, 2026Research

Business Logic Is AppSec's Unsolved Problem

Jeevan Jutla

Jeevan Jutla9 minute read

Mar 11, 2026Research

RCE in Your Test Suite: AI Agent Skills and the Attack Vector Skill Scanners Miss

Jeevan Jutla

Jeevan Jutla6 minute read