The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at ...
Dark Reading

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx, and the LiteLLM AI library — and all signs point ...

GitHub adds AI-powered bug detection to expand security coverage

GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static ...

AI accelerates code, but delays tests

Generative AI has significantly increased productivity in programming. A study by GitHub Research shows that developers ...
csis.org

AI-Driven Code Analysis: What Claude Code Security Can—and Can’t—Do

Q1: How does Claude Code Security function—and how does it differ from traditional static application security testing (SAST)? A1: Conventional rule-based static analysis uses pattern matching, ...

Xint Code Demonstrates Human-like Discovery and Prioritization of Business Logic Vulnerabilities, Analyzing Millions of Code Lines in Just Hours

Theori, a leader in offensive security research, today announced the commercial availability of Xint Code, the first completely LLM-native Static Application Security Testing (SAST) tool capable of ...

New Infinity Stealer malware grabs macOS data via ClickFix lures

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler.

Theori launches Xint Code AI platform to uncover hidden vulnerabilities in massive codebases

Offensive cybersecurity firm Theori Inc. today announced the commercial availability of Xint Code, a new large language model ...
GovInfoSecurity

Securing AI-Driven Code at Scale

AI accelerates software development but expands risk. Pavel Gurvich of Tenzai explains how agentic AI can help security teams ...

SafeHill Acquires Arcane Security to Secure the Rise of AI-Driven (‘Vibe Code’) Software Development

The Arcane Security acquisition strengthens SafeHill SecureIQ™ with AI-driven code analysis and continuous application ...

Anthropic and OpenAI just exposed SAST's structural blind spot with free tools

Can free AI scanners replace enterprise SAST? Anthropic and OpenAI found 500-plus zero-days pattern-matching tools missed — and both scanners are free.
The Lancet

VisionOnc: a dynamic data visualiser for oncology

Clinical trial datasets are becoming increasingly complex, yet the format of their dissemination remains largely static.1 ...