The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.

OpenClaw can bypass your EDR, DLP and IAM without triggering a single alert

Six security teams shipped six OpenClaw defense tools in 14 days. Three attack surfaces survived: runtime semantic ...

Theori launches Xint Code AI platform to uncover hidden vulnerabilities in massive codebases

Offensive cybersecurity firm Theori Inc. today announced the commercial availability of Xint Code, a new large language model ...
TMCnet

Semgrep Launches Multimodal, Combining AI Reasoning With Rule-Based Analysis for Detection, Triage, and Remediation

Semgrep, a leading code security company, today announced Semgrep Multimodal, a system that combines AI reasoning with rule-based analysis for detection, triage, and remediation. Its detection finds ...

Anthropic and OpenAI just exposed SAST's structural blind spot with free tools

Can free AI scanners replace enterprise SAST? Anthropic and OpenAI found 500-plus zero-days pattern-matching tools missed — and both scanners are free.

Xint Code Demonstrates Human-like Discovery and Prioritization of Business Logic Vulnerabilities, Analyzing Millions of Code Lines in Just Hours

Theori, a leader in offensive security research, today announced the commercial availability of Xint Code, the first completely LLM-native Static Application Security Testing (SAST) tool capable of ...

Why Agentic AI Requires A Cybersecurity Governance Playbook

Cybersecurity risks with agentic AI requires fine grained API rights management, governance structures and trust layers.
Dark Reading

Attackers Use New Tool to Scan for React2Shell Exposure

New data suggests a cyber espionage group is laying the groundwork for attacks against major industries. The "React2Shell" vulnerability is already almost a few months old, but it's far from over. An ...

Researchers disclose vulnerabilities in IP KVMs from four manufacturers

Researchers are warning about the risks posed by a low-cost device that can give insiders and hackers unusually broad powers ...

Waratek Redefines Secure Development with Launch of Waratek IAST at JavaOne 2026

AI-assisted code speeds development, but introduces vulnerabilities at an alarming rate. Waratek IAST reports flaws ...

AI security: How to protect your tools and processes

Zapier reports that AI security is crucial as AI usage grows, presenting risks like data breaches and adversarial attacks ...