Many Tools, Few Exploitable Vulnerabilities: A Survey of 246 Static Code Analyzers for Security

Static security analysis is a widely used technique for detecting software vulnerabilities across a wide range of weaknesses, application domains, and programming languages. While prior work surveyed static analyzes for specific weaknesses or application domains, no overview of the entire securit...

Malicious code in ably-forks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af3c510b1758cfff971e520dd0a78157b1e35918897519edc2fa0364bc46159b The package ably-forks was found to contain malicious code. Source: ghsa-malware b26088266049a671acc67187ede8f130532eb10e90e61293e96211f7ad0c1103 Any...

MAL-2026-939 Malicious code in ably-forks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af3c510b1758cfff971e520dd0a78157b1e35918897519edc2fa0364bc46159b The package ably-forks was found to contain malicious code. Source: ghsa-malware b26088266049a671acc67187ede8f130532eb10e90e61293e96211f7ad0c1103 Any...

Jinan USR IOT Technology Limited (PUSR) USR-W610

RISK EVALUATION Successful exploitation of these vulnerabilities could result in authentication being disabled, a denial-of-service condition, or an attacker stealing valid user credentials, including administrator credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

📄 Skyvern 0.1.84 Template Injection / Code Execution

Skyvern version 0.1.84 remote code execution proof of concept exploit that leverages a vulnerability in workflow creation functionality where user-supplied input in the prompt field is processed through Jinja2 templating engine without proper sanitization, allowing attackers to execute arbitrary...

Trojan Horses in Recruiting: A Red-Teaming Case Study on Indirect Prompt Injection in Standard Vs. Reasoning Models

As Large Language Models LLMs are increasingly integrated into automated decision-making pipelines, specifically within Human Resources HR, the security implications of Indirect Prompt Injection IPI become critical. While a prevailing hypothesis posits that "Reasoning" or "Chain-of-Thought" Model...

MAL-2026-945 Malicious code in ui5-cap-event-app-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 837e841e2b75385a4e7c030237983cfe52f91373ffa3e56859c7055ac0a80f4d The package ui5-cap-event-app-server was found to contain malicious code. Source: ossf-package-analysis...

3 Ways to Start Your Intelligent Workflow Program

Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock the full potential of AI and automation. But simply investing in tools isn’t enough. 88% of AI proofs-of-concept never make it to production, even though 70% of workers...

Recursive Language Models for Jailbreak Detection: A Procedural Defense for Tool-Augmented Agents

Jailbreak prompts are a practical and evolving threat to large language models LLMs, particularly in agentic systems that execute tools over untrusted content. Many attacks exploit long-context hiding, semantic camouflage, and lightweight obfuscations that can evade single-pass guardrails. We...

Regular Expression Denial of Service (ReDoS) Detector

This Metasploit auxiliary module implements a scientific approach to detecting and validating ReDoS vulnerabilities in HTTP-based applications. It leverages context-aware payload generation, length progression testing, and statistical analysis to identify inefficient regular expressions that may...

Aether Smart Contract Security Analysis Framework 4.7.1

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...

securiclaw

🦞 Securiclaw AI-Powered Code Security Scanner Securiclaw...

Can Adversarial Code Comments Fool AI Security Reviewers -- Large-Scale Empirical Study of Comment-Based Attacks and Defenses against LLM Code Analysis

AI-assisted code review is widely used to detect vulnerabilities before production release. Prior work shows that adversarial prompt manipulation can degrade large language model LLM performance in code generation. We test whether similar comment-based manipulation misleads LLMs during...

Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers

Zero Knowledge Encryption is a term widely used by vendors of cloud-based password managers. Although it has no strict technical meaning, the term conveys the idea that the server, who stores encrypted password vaults on behalf of users, is unable to learn anything about the contents of those...

Malicious code in mds-webcomponents (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b33015300fa18b6b3d2c2f1c0af0e77cbd9fa96c7af7befbe61a5422165824e package.json declares preinstall: node index.js, which runs automatically on every npm install. index.js collects os.homedir, os.hostname,...

Advisory ROSA-SA-2026-3164

Software: tcpdump 4.9.3 OS: ROSA Virtualization 3.1 unaffected versions = tcpdump-4.9.3-5.rv31 affected versions tcpdump-4.9.3-5.rv31 CVE-ID: CVE-2020-8037 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PPP decoder in tcpdump allows an attacker to cause a large memory allocation...

nfstream 6.6.0

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python...

Exploiting Layer-Specific Vulnerabilities to Backdoor Attack in Federated Learning

Federated learning FL enables distributed model training across edge devices while preserving data locality. This decentralized approach has emerged as a promising solution for collaborative learning on sensitive user data, effectively addressing the longstanding privacy concerns inherent in...

AI Arms and Influence: Frontier Models Exhibit Sophisticated Reasoning in Simulated Nuclear Crises

Today's leading AI models engage in sophisticated behaviour when placed in strategic competition. They spontaneously attempt deception, signaling intentions they do not intend to follow; they demonstrate rich theory of mind, reasoning about adversary beliefs and anticipating their actions; and th...

MAL-2026-943 Malicious code in ethereums-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bddbe5ea052b93fa04966b01c8302455e06311fd6015aaf9c76c07ba8c8f21c4 The package ethereums-lint was found to contain malicious code. Source: ghsa-malware 7671a5fea1c5f2b0118bd9981213bde2b546a4191a57acd041aed6d8560c0de6...