Despite years of investment in vulnerability scanning and shift-left security practices, known vulnerabilities continue to drive production security incidents, according to the Cloud Security Alliance’s 2026 State of Modern Application & AI Security Report. As AI accelerates both vulnerability discovery and exploit development, organizations are facing increasing pressure to reduce exposure windows before attackers can…
Tag: scanning
AI, Endpoint, Global Security News
Vigolium: Open-source vulnerability scanner
Vigolium, an open-source vulnerability scanner that combines deterministic scanning with AI-driven auditing, launched its initial open-source release this month. The project ships 235+ scanner modules and an in-process agent runtime called olium that handles autonomous endpoint discovery, attack planning, and finding triage. The tool exposes two scanning paths. vigolium scan runs a multi-phase deterministic pipeline…
AI, Global Security News
CVE Lite CLI: Open-source dependency vulnerability scanner
Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours or days after writing the code. CVE Lite CLI, now an officially recognized…
AI, Global Security News
AI Raises the Bar on Vulnerability Awareness and Secure-by-Design Software
AI-powered vulnerability scanning leaves no excuse for unpatched bugs as the EU Cyber Resilience Act pushes firms toward secure-by-design software
AI, Exploits, Global Security News
18-year-old NGINX vulnerability allows DoS, potential RCE
An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution. […]
AI, Global Security News
Anthropic Rolls Out Claude Security for AI Vulnerability Scanning
Claude Security enters public beta, giving enterprises AI driven code scanning with no API integration or custom agents required
Global Security News
What Happens in the First 24 Hours After a New Asset Goes Live
When a new asset goes live, attackers start scanning within minutes. Sprocket Security shows how automated attacks move from discovery to compromise in under 24 hours. […]
Global Security News, malware
ZionSiphon Malware Targets Water Infrastructure Systems
ZionSiphon malware targets OT water systems with sabotage and ICS scanning capabilities
AI, Apps, Global Security News, Risk Management
Scans for EncystPHP Webshell, (Mon, Apr 13th)
Last week, I wrote about attackers scanning for various webshells, hoping to find some that do not require authentication or others that use well-known credentials. But some attackers are paying attention and are deploying webshells with more difficult-to-guess credentials. Today, I noticed some scans for what appears to be the “EncystPHP” web shell. Fortinet wrote about…
AI, Cloud Security, Global Security News, Risk Management
Intruder expands cloud security with agentless container image scanning
Intruder has announced the release of Container Image Scanning, a new upgrade to its cloud security capabilities that automatically scans container images for vulnerabilities, granting customers actionable insight into container risk without deploying and maintaining scanning agents across their estates. Leveraging existing integrations with major cloud providers, Intruder supports Amazon Web Services Elastic Container Registry,…
AI, Cybersecurity, Global Security News, privacy
Smashing Security podcast #462: LinkedIn is spying on you, and you agreed to nothing
LinkedIn has been secretly scanning your browser for over 6,000 installed extensions — on every single click you make. It can tell if you’re job hunting, what religion you are, and whether you have ADHD. And none of this is mentioned anywhere in their privacy policy. Meanwhile, California’s crypto millionaires are learning that no amount…
AI, Compliance, Cybersecurity, Global Security News, Government & Policy, Network Security, privacy, Russia
LinkedIn is spying on you, and you agreed to nothing
LinkedIn has been secretly scanning your browser for over 6,000 installed extensions — on every single click you make. It can tell if you’re job hunting, what religion you are, and whether you have ADHD. And none of this is mentioned anywhere in their privacy policy. Meanwhile, California’s crypto millionaires are learning that no amount…
AI, Global Security News
GitHub adds AI-powered bug detection to expand security coverage
GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks. […]
Exploits, Global Security News, Risk Management
Detectify uncovers hidden assets and risks across entire IP ranges
Detectify has launched IP Range Scanning, enabling continuous discovery and monitoring of entire IP address blocks to help security teams identify forgotten assets and hidden risks before attackers exploit them. Many organizations are sitting on forgotten IP addresses that have become entry points for cyberattacks. While millions have been spent securing public-facing websites, legacy tools…
Global Security News
Betterleaks: Open-source secrets scanner
Secrets scanning has become standard practice across engineering organizations, and Gitleaks has been one of the most widely used tools in that space. The author of that project has now released a new tool called Betterleaks, which is designed to scan git repositories, directories, and standard input for leaked credentials, API keys, tokens, and passwords.…
AI, Global Security News
Scans for “adminer”, (Wed, Mar 18th)
A very popular target of attackers scanning our honeypots is “phpmyadmin”. phpMyAdmin is a script first released in the late 90s, before many security concepts had been discovered. It’s rich history of vulnerabilities made it a favorite target. Its alternative, “adminer”, began appearing about a decade later (https://www.adminer.org). One of its main “selling” points was simplicity.…
AI, Global Security News
VulHunt: Open-source vulnerability detection framework
Binarly has published VulHunt Community Edition, making the core scanning engine from Binarly’s commercial Transparency Platform available to independent researchers and practitioners. What VulHunt does VulHunt Community Edition is a framework for detecting vulnerabilities in compiled software. It operates against multiple binary representations simultaneously, working across disassembly, an intermediate representation layer, and decompiled code. Targets…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management
Vulnerability monitoring service secures public-sector websites faster
An automated scanning system has cut the time it takes to fix cybersecurity vulnerabilities across public sector IT systems, reducing median remediation time for general cyber vulnerabilities from 53 days to 32, and slashing DNS-specific average fix times from 50 days to eight. The results come from the UK government’s newly launched vulnerability monitoring service…
AI, Artificial Intelligence, Cybersecurity, Don't miss, Exploits, framework, Global Security News, News
Zen-AI-Pentest: Open-source AI-powered penetration testing framework
Zen-AI-Pentest provides an open-source framework for scanning and exercising systems using a combination of autonomous agents and standard security utilities. The project aims to let users run an orchestrated sequence of reconnaissance, vulnerability scanning, exploitation, and reporting using AI guidance and industry tools like Nmap and Metasploit. It is written to support command line, API,…