We are excited to share that Sonar has been named a Leader and Fast-Mover in the latest GigaOm Radar for Application Security Testing (AST). Following an in-depth evaluation of 27 vendors, GigaOm positioned Sonar in the top-tier ‘Maturity/Platform Play’ quadrant…

There’s an elegance to vulnerability research that feels almost poetic - the quiet dance between chaos and control. It’s the art of peeling back the layers of complexity, not to destroy but to understand; to trace the fragile threads that hold systems together…

A critical RCE vulnerability has been patched in Imunify360 AV. Hosting companies should patch the issue immediately & check servers for signs of compromise.

Checksec Anywhere consolidates fragmented binary security analysis tools into a browser-based platform that analyzes ELF, PE, and Mach-O formats locally without compromising privacy or performance.

Posted by Jeff Vander Stoep, Android Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in ...

We are excited to share that Sonar has been named a Leader and Fast-Mover in the latest GigaOm Radar for Application Security Testing (AST). Following an in-depth evaluation of 27 vendors, GigaOm positioned Sonar in the top-tier ‘Maturity/Platform Play’ quadrant…

After yet another workout where my sports watch completely lost GPS, I’d had enough. I decided to dig into its firmware and pinpoint the problem. I couldn’t find it published anywhere. No download section, no public archive, nothing. So, I changed tactics…

We’ve released open-source Go implementations of ML-DSA and SLH-DSA.

What's Changed
🎉 New Features

Adding json + xpath headless extractors by @Mzack9999 in #6559
Adding VNC auth by @Mzack9999 in #6413
Feat(templating): add vars templating into yaml inputs (ytt)...

The Internet is ablaze, and once again we all have a front-row seat - a bad person, if you can believe it, is doing a bad thing!

The first warning of such behaviour came from the great team at Defused:

As many are now aware, an unnamed (and potentially…

We’re releasing Slither-MCP, a new tool that augments LLMs with Slither’s unmatched static analysis engine.

In this article, I’ll walk you through my journey in intercepting HTTPS traffic from a APK based on Flutter during a pentesting engagement…

This blog introduces SonarQube's enhanced analysis capabilities for GitHub Actions, designed to proactively identify and remediate security vulnerabilities like Command Injection and Code Execution that pose a significant supply chain risk.

Intigriti has won Security Innovation of the Year at the UK IT Industry Awards 2025.

Trail of Bits discovered and disclosed two vulnerabilities in the widely used elliptic JavaScript library that could allow signature forgery or prevent valid signature verification, with one vulnerability still unfixed after the 90-day disclosure window.

This blog introduces SonarQube's enhanced analysis capabilities for GitHub Actions, designed to proactively identify and remediate security vulnerabilities like Command Injection and Code Execution that pose a significant supply chain risk.

We hacked our way into Lovable's office by demoing SupaPwn — a chain that could potentially enable region-wide tenant takeover: event-trigger privilege window, DB superuser, host RCE, SUID escalation, exposed configs, orchestration takeover

Three types of price manipulation techniques threat actors are using this Black Friday and Cyber Monday

Posted by Dave Kleidermacher, VP, Platforms Security & Privacy, Google Technology should bring people closer together, not create walls. ...

This blog introduces SonarQube's enhanced analysis capabilities for GitHub Actions, designed to proactively identify and remediate security vulnerabilities like Command Injection and Code Execution that pose a significant supply chain risk.