Topic: static analysis

  • 5 Million Apps Expose JavaScript's Hidden Secrets

    A large-scale investigation found over 42,000 active API keys and tokens exposed in front-end JavaScript bundles, revealing a critical security vulnerability in modern web applications. The exposed credentials were live and high-value, including tokens granting access to private code repositories...

  • Metis: AI-Powered Open-Source Security Code Analyzer

    Metis is an AI-driven, open-source security analysis tool that identifies subtle vulnerabilities in large or legacy codebases, surpassing traditional scanners. It uses large language models and retrieval augmented generation to understand code context and relationships, providing precise recommen...

  • GitLab 18.5: AI-Powered Features Accelerate Software Development

    GitLab 18.5 introduces AI-driven agents and a redesigned interface to streamline development workflows and reduce context switching for teams. The release enhances security with automated vulnerability management, static reachability analysis, and targeted scanning to prioritize genuine risks. It...

  • Malicious NPM Packages Downloaded 86,000+ Times

    A security vulnerability in the NPM ecosystem allowed attackers to upload over 100 malicious packages, downloaded more than 86,000 times, exploiting Remote Dynamic Dependencies to fetch unverified code. The PhantomRaven campaign used these dependencies to bypass detection, as they remain invisibl...
