OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically

OpenAI has announced the launch of an "agentic security researcher" that's powered by its GPT-5 large language model LLM and is programmed to emulate a human expert capable of scanning, understanding, and patching code. Called Aardvark , the artificial intelligence AI company said the autonomous...

CVE-2025-3264 Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically in the getimports function within dynamicmoduleutils.py. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular...

Do We Really Need The OWASP NHI Top 10?

The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity NHI Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used...

Your control tower to secure code across GitHub, GitLab, and Azure Repos

Secure your code and the entire development pipeline with the Wiz Security Graph, comprehensive configuration checks, and advanced code scanning...

How to Secure App Development in the Cloud, With Tips From Gartner

Building applications in the cloud has been great for development speed and scalability, but it can sometimes feel more like a sustained migraine for security teams. How do you keep your cloud applications safe without resorting to a dizzying patchwork of overlapping tools and dispersed services?...

Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers

We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack. While investigations are underway, we want to provide the defender community with intelligence to understand the scope, impact, remediation guidance, and product detections and...

PayPal: RCE via npm misconfig -- installing internal libraries from the public registry

A Bug Bounty researcher identified an issue where certain development projects defaulted to the public NPM registry, instead of using the intended internal packages. Since the packages on the public registry did not exist, the researcher created these and observed they were downloaded. Had these...

Richard Seiersen, CISO of Twilio, Joins Wallarm Board of Advisers

We are excited to welcome Richard Seiersen to Wallarm advisory team. Richard brings tons of security experience from both start-ups and global companies and unique views on making the impact of security measurable. We have asked Richard to share some of his thoughts on what’s important in cyber...