Towards a Blockchain-Based CI/CD Framework to Enhance Security in Cloud Environments

Security is becoming a pivotal point in cloud platforms. Several divisions, such as business organisations, health care, government, etc., have experienced cyber-attacks on their infrastructures. This research focuses on security issues within Continuous Integration and Deployment CI/CD pipelines...

ATLANTIS: AI-Driven Threat Localization, Analysis, and Triage Intelligence System

We present ATLANTIS, the cyber reasoning system developed by Team Atlanta that won 1st place in the Final Competition of DARPA's AI Cyber Challenge AIxCC at DEF CON 33 August 2025. AIxCC 2023-2025 challenged teams to build autonomous cyber reasoning systems capable of discovering and patching...

WordPress plugin Security Ninja 安全漏洞

WordPress Security Ninja is a plugin that focuses on website security protection, providing automated security scanning, login protection, IP blocking, and two-factor authentication to help users proactively identify security risks and prevent hacker attacks. WordPress Security Ninja has an...

Automated Attack Testflow Extraction from Cyber Threat Report Using BERT for Contextual Analysis

In the ever-evolving landscape of cybersecurity, the rapid identification and mitigation of Advanced Persistent Threats APTs is crucial. Security practitioners rely on detailed threat reports to understand the tactics, techniques, and procedures TTPs employed by attackers. However, manually...

Evaluating Disassembly Errors with Only Binaries

Disassemblers are crucial in the analysis and modification of binaries. Existing works showing disassembler errors largely rely on practical implementation without specific guarantees and assume source code and compiler toolchains to evaluate ground truth. However, the assumption of source code i...

From Texts to Shields: Convergence of Large Language Models and Cybersecurity

This report explores the convergence of large language models LLMs and cybersecurity, synthesizing interdisciplinary insights from network security, artificial intelligence, formal methods, and human-centered design. It examines emerging applications of LLMs in software and network security, 5G...

How to Automate Security Questionnaires and Reduce Response Time

Security questionnaires take a lot of time and repetitively answering the same questions manually chews up business time…...

Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action

The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day. Keeping up with it all can feel like trying to juggle chainsaws while riding a unicycle. Traditional trust...

Automating Data Encryption and Security Audits for Continuous Protection

Protecting sensitive data is critical for businesses facing constant cyber threats. Automating encryption, audits, and access control strengthens security and reduces human error...

Cyber Story Time: The Boy Who Cried "Secure!"

As a relatively new security category, many security operators and executives I've met have asked us "What are these Automated Security Validation ASV tools?" We've covered that pretty extensively in the past, so today, instead of covering the "What is ASV?" I wanted to address the "Why ASV?"...

ChatGPT: Friend or Foe? | API Security Newsletter

Welcome to our April API newsletter, recapping some of the events of last month. This month’s topic is Generative AI tools e.g., ChatGPT in cybersecurity. It – along with API Security – dominated the 2023 RSA Conference, and there’s plenty of digital ink being spilled on the topic. Be sure to wat...

How to Apply NIST Principles to SaaS in 2023

The National Institute of Standards and Technology NIST is one of the standard-bearers in global cybersecurity. The U.S.-based institute's cybersecurity framework helps organizations of all sizes understand, manage, and reduce their cyber-risk levels and better protect their data. Its importance ...

GSD-2022-1007300 sh: machvec: Use char[] for section boundaries

sh: machvec: Use char for section boundaries This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.150 by commit...

GSD-2022-1005149 net: atlantic: fix aq_vec index out of range error

net: atlantic: fix aqvec index out of range error This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.4 by commit...

The Three Key Competencies that Optimize Data Security Orchestration

One of the principal benefits of a modern data-centric security fabric is being able to automatically apply security controls to the data itself and drive policy-compliant data handling behavior by privileged users. But we all know that detecting a security incident is just the first part of the...

GSD-2022-1004335 ip: Fix data-races around sysctl_ip_prot_sock.

ip: Fix data-races around sysctlipprotsock. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.58 by commit...

GSD-2022-1002129 mm,hwpoison: unmap poisoned page before invalidation

mm,hwpoison: unmap poisoned page before invalidation This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit...

Vulnerability Intelligence based on media hype. It works? Grafana LFI and Log4j “Log4Shell” RCE

Hello everyone! In this episode, I want to talk about vulnerabilities, news and hype. The easiest way to get timely information on the most important vulnerabilities is to just read the news regularly, right? Well, I will try to reflect on this using two examples from last week. I have a security...

UVI-2021-1001511 ipack: ipoctal: fix stack information leak

ipack: ipoctal: fix stack information leak This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.285 by commit...

Auto Apply IPS Rules for Solid Cloud Workload Security

Learn how to leverage automated and programmable APIs to quickly scan and secure workloads with high or critical severity IPS rules...