Topic: vulnerability detection

  • Strix: Open-Source AI Agents for Penetration Testing

    Strix is an open-source platform that uses autonomous agents to identify security flaws by mimicking human attackers and validating vulnerabilities with proof-of-concept demonstrations. The system employs multiple specialized agents that collaborate dynamically, covering various testing dimension...

  • Find and Fix Internal Vulnerabilities with Detectify Scanning

    Detectify's new Internal Scanning solution extends security testing to private networks, addressing the visibility gap and allowing organizations to efficiently find and fix vulnerabilities in internal applications. The solution uses advanced proprietary technology, including a crawling engine po...

  • Secure Your Cloud with cnspec: Open-Source Policy & Security

    cnspec is an open-source tool that provides unified security and compliance scanning across diverse technologies, identifying vulnerabilities and misconfigurations to prioritize fixes. It supports a wide range of targets including cloud platforms, Kubernetes, containers, SaaS applications, infras...

  • Top Open-Source Cybersecurity Tools for August 2025

    Open-source cybersecurity tools are rapidly advancing, offering cost-effective solutions for vulnerability management, identity security, and penetration testing. Notable tools include Buttercup for AI-driven vulnerability patching, EntraGoat for safe identity management training, and LudusHound ...

  • Buttercup: AI-Powered Open-Source Vulnerability Detection & Patching

    Buttercup is an AI-powered open-source security platform by Trail of Bits that automatically detects and repairs software vulnerabilities, earning second place in DARPA's AI Cyber Challenge. It combines AI-driven fuzzing with static analysis through four interconnected modules, featuring an orche...

  • Vulnhuntr: Find Remotely Exploitable Vulnerabilities Fast

    Vulnhuntr combines static code analysis with large language models (LLMs) to detect complex, multi-step vulnerabilities that traditional scanners miss by tracking data flow across applications. The tool systematically breaks down code analysis to overcome LLM context limitations, tracing user inp...

  • AI Agents Advance in Writing and Hacking Code

    AI is revolutionizing cybersecurity by identifying critical vulnerabilities in complex codebases, including previously unknown flaws, at an unprecedented scale. UC Berkeley researchers found AI models detected 17 vulnerabilities (15 zero-day exploits) in open-source projects, showcasing advanced ...

  • OpenAI's 'Aardvark' AI Agent Automates Cybersecurity Research

    OpenAI has launched Aardvark, an AI-powered cybersecurity researcher that uses GPT-5 to automate the discovery and remediation of software vulnerabilities, currently available in a private beta. The tool analyzes code repositories to identify and annotate vulnerabilities, tests them in a sandboxe...

  • Unseen Dangers in Open-Source Software

    Open-source software underpins much of the digital world but poses significant security risks, as organizations often overlook vulnerabilities in the code they depend on daily. A study comparing open-source and proprietary software found varying vulnerability densities, with smaller projects like...

  • HCL AppScan 360º 2.0: Secure Your Software Supply Chain

    Businesses face challenges in securing software supply chains due to open-source adoption and strict data regulations, which HCL AppScan 360º 2.0 addresses with a cloud-native solution. High-profile incidents like Log4Shell expose vulnerabilities in fragmented open-source dependencies, while glob...

  • Claude Code: Scan, Verify, and Patch Vulnerabilities

    Anthropic has launched Claude Code Security, a new AI-powered tool in limited preview that helps developers identify complex vulnerabilities by analyzing code context and data flows, reducing false positives through an adversarial verification process. The tool suggests specific patches for flagg...

  • ImmuniWeb Boosts AI-Powered Security Testing & Compliance

    ImmuniWeb's Q4 update focuses on identifying AI-specific vulnerabilities, including the OWASP Top 10 for LLMs, and expands capabilities for detecting exposed AI infrastructure and shadow IT assets. The platform enhances compliance testing for regulations like EU DORA, introduces new reporting fea...

  • AI Agents vs. Smart Contract Exploits: New Open-Source Benchmark

    EVMbench is a new open-source framework developed by OpenAI and Paradigm to rigorously evaluate AI systems on real-world smart contract security tasks, using data from professional audits and contests for standardized assessment. The benchmark tests AI on three core functions: detecting known vul...

  • Onapsis Platform Boosts SAP Security and Visibility

    The Onapsis Control platform has been upgraded with enhanced security features that integrate with SAP CI/CD pipelines, expand Git repository support, and strengthen SAP Transport Management System workflows to protect the entire SAP infrastructure. Recent threat intelligence reveals a 400% surge...

  • Cyber Giants Boost AI Security in M&A Surge

    The cybersecurity industry saw significant consolidation in November 2025, driven by a strategic pivot toward AI-driven security automation and integrated platforms to combat sophisticated threats. Major acquisitions included Palo Alto Networks buying Chronosphere for $3.35 billion to enhance obs...

  • AI Transforms Embedded Software: From Experiment to Production

    AI-generated code is now a mainstream production tool, running critical systems like power grids and medical devices, but its rapid adoption raises significant cybersecurity concerns. Security is the top worry for developers using AI, with most rating the risk as moderate or high, leading to a st...

  • CISA Mandates Federal Patch for Actively Exploited MongoBleed Flaw

    A critical vulnerability in MongoDB, tracked as CVE-2025-14847 and dubbed MongoBleed, is being actively exploited to remotely steal sensitive data like credentials and logs from unpatched servers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to pa...

  • Boost Cyber Resilience: Proactive Wazuh Strategies

    Cyber resilience is a proactive strategy that enables organizations to anticipate, withstand, respond to, and recover from attacks with minimal operational impact, moving beyond traditional reactive security models. The Wazuh security platform provides unified visibility, early threat detection, ...

  • Google Mangle: A New Language for Deductive Database Programming

    Google has launched Mangle, an open-source programming language built on Datalog to simplify deductive database programming and handle fragmented data across diverse sources. Mangle enhances Datalog with features like recursive rules, uniform data access, and aggregation functions, making it usef...
