Introducing native Jira Cloud integration for SonarQube Cloud
https://www.sonarsource.com/blog/introducing-native-jira-cloud-integration-for-sonarqube-cloud/
Sonarsource
We are excited to announce the release of our new, native Jira integration for SonarQube Cloud, available for Team and Enterprise plans. This integration streamlines the development workflow by allowing users to create Jira issues from SonarQube findings…
Practical Android Pentesting: A Case Study on TikTok RCE
https://dphoeniixx.medium.com/practical-android-pentesting-a-case-study-on-tiktok-rce-4a82e79cc7c6
Medium
From Universal XSS to native library hijacking: A comprehensive guide to Android exploitation using WebViews, Intent abuse, and Zip Slip.
🤔1
How Android provides the most effective protection to keep you safe from mobile scams
http://security.googleblog.com/2025/10/how-android-protects-you-from-scams.html
Google Online Security Blog
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Ab...
❤1
Balancer hack analysis and guidance for the DeFi ecosystem
https://blog.trailofbits.com/2025/11/07/balancer-hack-analysis-and-guidance-for-the-defi-ecosystem/
The Trail of Bits Blog
A retrospective on the $100M Balancer hack that occurred in November 2025, including long-term, strategic guidance on how to avoid similar bugs.
❤1
Announcing SonarQube MCP Server: Bringing code quality into your AI workflow
https://www.sonarsource.com/blog/announcing-sonarqube-mcp-server/
Sonarsource
AI is transforming software development and turbocharging many aspects of a developer's daily work. But it’s also bringing new challenges to your teams: how do you maintain code quality and security standards as the volume of AI-generated code doubles, triples…
❤4
How I Found the Worst ASP.NET Vulnerability — A $10K Bug (CVE-2025-55315)
https://www.praetorian.com/blog/how-i-found-the-worst-asp-net-vulnerability-a-10k-bug-cve-2025-55315/
Praetorian
Introduction Earlier this year, I earned a $10,000 bounty from Microsoft after discovering a critical HTTP request smuggling vulnerability in ASP.NET Core’s Kestrel server (CVE-2025-55315). The vulnerability garnered significant media attention after Microsoft…
❤4🤔1
Assessing the Attack Surface of Remote MCP Servers
https://blog.kulkan.com/assessing-the-attack-surface-of-remote-mcp-servers-92d630a0cab0
Medium
Hello! I’m Matias Forti, technical lead here at Kulkan Security. As the AI landscape continues to evolve I’ve been really interested in…
❤2
Hunting for DOM-based XSS vulnerabilities: A complete guide
https://www.intigriti.com/researchers/blog/hacking-tools/exploiting-dom-based-xss-vulnerabilities
Intigriti
Traditional cross-site scripting (XSS) vulnerabilities were prevalent when server-side rendering (with languages like PHP, JSP, and ASP) was the norm. However, as applications become more complex and...
❤3
SonarQube Named a Leader and Fast Mover in GigaOm
https://www.sonarsource.com/blog/sonarqube-named-leader-in-gigaom-application-security-testing/
Sonarsource
SonarQube Named a Leader and Fast Mover in GigaOm's Application Security Testing Radar
We are excited to share that Sonar has been named a Leader and Fast-Mover in the latest GigaOm Radar for Application Security Testing (AST). Following an in-depth evaluation of 27 vendors, GigaOm positioned Sonar in the top-tier ‘Maturity/Platform Play’ quadrant…
❤2
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101)
https://labs.watchtowr.com/is-it-citrixbleed4-well-no-is-it-good-also-no-citrix-netscalers-memory-leak-rxss-cve-2025-12101/
watchTowr Labs
There’s an elegance to vulnerability research that feels almost poetic - the quiet dance between chaos and control. It’s the art of peeling back the layers of complexity, not to destroy but to understand; to trace the fragile threads that hold systems together…
❤3
Critical: Remote Code Execution via Malicious Obfuscated Malware in Imunify360 AV (AI-bolit)
https://patchstack.com/articles/remote-code-execution-vulnerability-found-in-imunify360/
Patchstack
A critical RCE vulnerability has been patched in Imunify360 AV. Hosting companies should patch the issue immediately & check servers for signs of compromise.
❤2
Building checksec without boundaries with Checksec Anywhere
https://blog.trailofbits.com/2025/11/13/building-checksec-without-boundaries-with-checksec-anywhere/
The Trail of Bits Blog
Checksec Anywhere consolidates fragmented binary security analysis tools into a browser-based platform that analyzes ELF, PE, and Mach-O formats locally without compromising privacy or performance.
❤3
Rust in Android: move fast and fix things
http://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html
Google Online Security Blog
Posted by Jeff Vander Stoep, Android Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in ...
❤2