Cybersecurity specialists have exposed a pervasive malicious campaign targeting developers, wherein the adversary bypassed the compromise of finished products to exploit vulnerabilities within the build process itself. By leveraging the public NPM registry, the...
AI Detection Engineering Lab A template for building an AI-powered detection engineering pipeline using Claude Code as an autonomous blue team agent. Deploy a full SIEM lab, generate simulated attack telemetry, and let an AI agent...
The novel Linux implant, Quasar Linux, poses a formidable threat not merely to individual workstations but to the entire software supply chain. This malicious suite targets environments dedicated to the creation, compilation, and dissemination...
Trajan: CI/CD Security Scanner Trajan scans CI/CD pipelines for security vulnerabilities that attackers use to compromise software supply chains. It supports GitHub Actions, GitLab CI, Azure DevOps, Jenkins, and JFrog. What it does Trajan...
malware-check Static and dynamic analysis tool for detecting malicious code, suspicious binaries, and privacy violations. Analyzes source code, compiled executables (.exe, .dll, .elf), macOS bundles (.app, .dmg, .pkg), mobile apps (.apk, .ipa), and application...
Vulnerabilities have begun to outpace defensive measures not merely by hours, but by entire days, often preceding the release of formal rectifications. According to recent empirical analyses, the average Time-to-Exploit for the most perilous...
PentAGI PentAGI is an innovative tool for automated security testing that leverages cutting-edge artificial intelligence technologies. The project is designed for information security professionals, researchers, and enthusiasts who need a powerful and flexible solution...
Tailsnitch A security auditor for Tailscale configurations. Tailsnitch scans your tailnet for 50+ misconfigurations, overly permissive access controls, and security best practice violations. Tailscale is a Zero Trust identity-based connectivity platform that replaces your...
The ubiquitous integration of artificial intelligence into software development over the past year has precipitously accelerated production cycles while concurrently exacerbating deeply entrenched security vulnerabilities. The nascent State of Secrets Sprawl 2026 dossier published...
DepConfuse is a command-line tool that proactively detects dependency confusion vulnerabilities. It scans SBOMs or PURLs to identify internal package names that could be subject to public package takeover, providing actionable insights to secure your...