Nika: Open-source code analysis tool

Many serious security bugs in web applications sit across several files at once. Request data enters through a controller, moves through data objects and service layers, and turns dangerous only when it reaches a sensitive operation such as a database … Continue reading Nika: Open-source code analysis tool

AI-generated code risks reach security, legal, and compliance teams

Most engineering organizations write code with AI, and a good number of them keep that code away from customers. A Flux survey of engineering leaders and practitioners found that nearly half run AI-generated code in production. Almost every company in … Continue reading AI-generated code risks reach security, legal, and compliance teams

AirDrop and Quick Share vulnerabilities affect protocols on five billion devices as fixes begin

Phones and laptops ship with a feature that sends files to nearby devices over the air, with no cables, accounts, or prior pairing. Apple calls its version AirDrop. Google and Samsung call theirs Quick Share. Both run inside privileged background servi… Continue reading AirDrop and Quick Share vulnerabilities affect protocols on five billion devices as fixes begin

DarkMoon: Open-source AI pentesting platform

Penetration testing has long run on expert time, with specialists spending days probing a network or web application by hand. Manual engagements stretch across weeks, expert consultants run into thousands of dollars a day, and results vary with the tes… Continue reading DarkMoon: Open-source AI pentesting platform

Companies keep bolting AI onto their products, and the security bill is coming due

Companies keep bolting AI and LLM features onto their products, and the security results are starting to show a pattern. The vulnerabilities those features create get rated high risk far more often than anything else, and they get fixed slower than any… Continue reading Companies keep bolting AI onto their products, and the security bill is coming due

The uptime questions every engineering leader should ask this week

In this interview with Help Net Security, Mattias Geniar, CTO at Oh Dear, explains why most outages start quietly, as creeping latency or a slow rise in errors. He argues teams alert on the wrong things: absolute numbers instead of changes, isolated en… Continue reading The uptime questions every engineering leader should ask this week

Where IT meets OT and railway cybersecurity gets harder

In this interview with Help Net Security, Jorge Aldegunde, Global Head of Railway Services at DNV, talks through what happens when old operational technology meets newer IT in monorail systems. He explains why open networks widened the attack surface, … Continue reading Where IT meets OT and railway cybersecurity gets harder