Blog

Felipe Ruiz

Felipe Ruiz

Content writer and editor

Felipe is a content writer and editor at Fluid Attacks. He has a background in psychological research and has been writing about cybersecurity since January 2020.

cover-model-context-protocol-mcp-security (https://unsplash.com/photos/a-picture-of-a-red-and-orange-background-KaCZHQ7fEyQ)

Philosophy

Felipe Ruiz

November 14, 2025

8 min

The Model Context Protocol (MCP): architecture, security risks, and best practices

MCP is key for agentic AI but creates security risks. We analyze its architecture, several security issues, and best practices to protect your AI ecosystem.

Read post

cover-glassworm-vs-code-extensions-supply-chain-attack (https://unsplash.com/photos/a-close-up-view-of-some-ice-crystals-DeB4A_tVaQE)

Attacks

Felipe Ruiz

October 24, 2025

7 min

GlassWorm: Unmasking the self-propagating worm that uses invisible code in VS Code extensions

The sophisticated GlassWorm malware affected VS Code extensions, using invisible Unicode to steal credentials and install a full RAT on developers' machines.

Read post

cover-shai-hulud (original image generated by Gemini and edited in Lunapic)

Attacks

Felipe Ruiz

September 25, 2025

11 min

Shai-Hulud NPM supply chain attack: a new generation of self-propagating threats

A cyber worm like no other! Learn how the Shai-Hulud attack poisoned npm and why it's a game-changer for supply chain security.

Read post

cover-npm-supply-chain-attack-2-billion-downloads (https://unsplash.com/photos/red-and-black-round-ornament-on-brown-tree-trunk-Jf1CnMoCvGc)

Attacks

Felipe Ruiz

September 10, 2025

6 min

NPM supply chain attack: A phishing scam compromised packages with over 2 billion weekly downloads

A phishing attack on a trusted npm maintainer compromised packages with over 2 billion weekly downloads. Here we explore the attack and its broad implications.

Read post

cover-gen-ai-in-pentesting-empirical-research (https://unsplash.com/photos/a-cut-in-half-picture-of-a-building-with-blue-and-red-arrows-LcgLq78WZCQ)

Attacks

Felipe Ruiz

April 24, 2025

10 min

Upside and downside of GenAI in pentesting: insights from an empirical research

Explore the use of GenAI in penetration testing in this overview of the research by Hilario et al. (2024). Find out the good, the bad, and the potential future.

Read post

cover-code-quality-and-security

Philosophy

Felipe Ruiz

April 15, 2025

6 min

Code quality must include security

Discover what is usually seen as code quality, why we believe this concept should include security and some recommendations to develop high-quality code.

Read post

cover-tj-actions-changed-files-vulnerability (https://unsplash.com/photos/silhouette-of-dog-8Ou3EZmTMWA)

Attacks

Felipe Ruiz

March 20, 2025

4 min

Wake-up call for GitHub Actions! A zero-day vulnerability in tj-actions/changed-files

GitHub Action breach! Learn how tj-actions/changed-files leaked secrets & how to protect your repos. Read our breakdown.

Read post

cover-f-scores-accuracy-sla-fluid-attacks (https://unsplash.com/photos/a-bald-eagle-flying-through-the-air-with-its-wings-spread-2S-XTkpXrdM)

Politics

Felipe Ruiz

February 25, 2025

8 min

Publicly offering high accuracy: F-scores and accuracy SLA at Fluid Attacks

Fluid Attacks in its ASPM solution offers its customers strict accuracy measures based on F-scores. Find out what it's all about.

Read post

Load more

Start your 21-day free trial

Discover the benefits of our Continuous Hacking solution, which organizations of all sizes are already enjoying.

Try for free

Contact sales

Start your 21-day free trial

Discover the benefits of our Continuous Hacking solution, which organizations of all sizes are already enjoying.

Try for free

Contact sales

Start your 21-day free trial

Discover the benefits of our Continuous Hacking solution, which organizations of all sizes are already enjoying.

Try for free

Contact sales

Fluid Attacks' solutions enable organizations to identify, prioritize, and remediate vulnerabilities in their software throughout the SDLC. Supported by AI, automated tools, and pentesters, Fluid Attacks accelerates companies' risk exposure mitigation and strengthens their cybersecurity posture.

Get an AI summary of Fluid Attacks

Products

Platform

SAST

SCA

DAST

AI SAST

PTaaS

Secure code review

Reverse engineering

Integrations

Solutions

Continuous Hacking

AppSec

ACSA

ASPM

AI security

RBVM

SSCS

Compliance

DevSecOps

Targets

Web applications

Mobile applications

APIs and microservices

Infrastructure as code

LLM apps and GenAI

Company

About us

Customers

Certifications

Partners

Careers

Trust center

Resources

Advisories

Blog

Success stories

Downloadables

Cybersecurity essentials

Events

Documentation

Courses on our platform

Tool benchmark

Subscribe to our newsletter

Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.

Subscribe

SOC 2 Type II

SOC 3

© 2026 Fluid Attacks. We hack your software.

Terms of use

Privacy policy

System status

Cookie policy

Fluid Attacks' solutions enable organizations to identify, prioritize, and remediate vulnerabilities in their software throughout the SDLC. Supported by AI, automated tools, and pentesters, Fluid Attacks accelerates companies' risk exposure mitigation and strengthens their cybersecurity posture.

Products

Platform

SAST

SCA

DAST

AI SAST

PTaaS

Secure code review

Reverse engineering

Integrations

Solutions

Continuous Hacking

AppSec

ACSA

ASPM

AI security

RBVM

SSCS

Compliance

DevSecOps

Targets

Web applications

Mobile applications

APIs and microservices

Infrastructure as code

LLM apps and GenAI

Company

About us

Customers

Certifications

Partners

Careers

Trust center

Resources

Advisories

Blog

Success stories

Downloadables

Cybersecurity essentials

Events

Documentation

Courses on our platform

Tool benchmark

Subscribe to our newsletter

Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.

Subscribe

Get an AI summary of Fluid Attacks

SOC 2 Type II

SOC 3

© 2026 Fluid Attacks. We hack your software.

Terms of use

Privacy policy

System status

Cookie policy

Fluid Attacks' solutions enable organizations to identify, prioritize, and remediate vulnerabilities in their software throughout the SDLC. Supported by AI, automated tools, and pentesters, Fluid Attacks accelerates companies' risk exposure mitigation and strengthens their cybersecurity posture.

Products

Platform

SAST

SCA

DAST

AI SAST

PTaaS

Secure code review

Reverse engineering

Integrations

Solutions

Continuous Hacking

AppSec

ACSA

ASPM

AI security

RBVM

SSCS

Compliance

DevSecOps

Targets

Web applications

Mobile applications

APIs and microservices

Infrastructure as code

LLM apps and GenAI

Company

About us

Customers

Certifications

Partners

Careers

Trust center

Resources

Advisories

Blog

Success stories

Downloadables

Cybersecurity essentials

Events

Documentation

Courses on our platform

Tool benchmark

Subscribe to our newsletter

Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.

Subscribe

Get an AI summary of Fluid Attacks

SOC 2 Type II

SOC 3

© 2026 Fluid Attacks. We hack your software.

Terms of use

Privacy policy

System status

Cookie policy

Meet us at RSA Conference™ 2026 at booth N-4614! Book a demo on-site.

Plans

Advisories

EN

Contact sales

Log in

Try for free

Meet us at RSA Conference™ 2026 at booth N-4614! Book a demo on-site.

EN

Meet us at RSA Conference™ 2026 at booth N-4614! Book a demo on-site.

EN

Contact sales

Try for free