The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at ...

Theori launches Xint Code AI platform to uncover hidden vulnerabilities in massive codebases

Offensive cybersecurity firm Theori Inc. today announced the commercial availability of Xint Code, a new large language model ...

Semgrep Launches Multimodal, Combining AI Reasoning With Rule-Based Analysis for Detection, Triage, and Remediation

Semgrep, a leading code security company, today announced Semgrep Multimodal, a system that combines AI reasoning with ...

Xint Code Demonstrates Human-like Discovery and Prioritization of Business Logic Vulnerabilities, Analyzing Millions of Code Lines in Just Hours

Unlike traditional SAST, code scanners or pen testers, Xint Code uses multi-LLM reasoning and orchestration for human-like contextual understanding, identification and prioritization of hidden ...
GovInfoSecurity

Autonomous Agent Hacked McKinsey's AI in 2 Hours

Security startup CodeWall disclosed this week that its autonomous AI agent breached McKinsey's internal AI platform Lilli in two hours on Feb. 28, accessing tens of ...

Opsera Unveils AppSec AI Agents to Power the Shift from traditional SDLC to AI-SDLC

Opsera, the leader in Agentic DevOps, today announced the launch of Opsera AI Agents for DevSecOps, a suite of intelligent, purpose-built agents designed to help enterprises transition from ...
Security Boulevard

MY TAKE: As RSAC 2026 opens, AI has bifurcated cybersecurity into two wars—the clock is running

RSAC 2026 opens here Monday at Moscone Center, with upwards of 40,000 cybersecurity professionals, executives, and policy ...
DevPro Journal

The software leader’s guide to conducting a successful code audit

Learn why a 2026 code audit is essential for managing technical debt, improving security, and preparing for M&A.

Betterleaks, a new open-source secrets scanner to replace Gitleaks

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using ...
Dark Reading

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx, and the LiteLLM AI library — and all signs point ...
SecurityWeek

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...