Articles tagged with: #sast
New Malware Attack Using Variable Functions and Cookies to Evade and Hide Their Malicious Scripts

Cyber Security News cybersecuritynews.com

A sophisticated malware campaign targeting WordPress sites has emerged, utilizing PHP variable functions and cookie-based obfuscation to evade traditional security detection mechanisms. The attack represents an evolution in obfuscation techniques, where threat actors fragment malicious code across multiple HTTP cookies and dynamically reconstruct executable functions at runtime. This approach makes static analysis significantly more challenging,

How do you handle large-scale triage after a SAST/DAST/SCA rollout?

cybersecurity www.reddit.com

Hey everyone, in a large company we recently rolled out SAST, DAST, and SCA scanners. After the rollout, thousands of alerts popped up across many repositories. Do you have any proven strategies or tips for handling triage at scale? I'd like to keep it productive without overwhelming or demotivating developers, since they also have business goals to focus on. Thanks in advance for any insights! submitted by /u/Mad_Hatter_XYZ

Collaborative penetration testing suite for emerging generative AI algorithms

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.19303v1 Announce Type: new Abstract: Problem space: AI vulnerabilities and quantum threats. Generative AI vulnerabilities: model inversion, data poisoning, adversarial inputs. Quantum threats: Shor's algorithm breaking RSA and ECC encryption. Challenge: secure generative AI models against classical and quantum cyberattacks. Proposed solution: a collaborative penetration testing suite with five integrated components. DAST/SAST: OWASP ZAP, Burp Suite, SonarQube, Fortify. IAST: Contrast Assess integrated...

ParaVul: A Parallel Large Language Model and Retrieval-Augmented Framework for Smart Contract Vulnerability Detection

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.17919v1 Announce Type: new Abstract: Smart contracts play a significant role in automating blockchain services. Nevertheless, vulnerabilities in smart contracts pose serious threats to blockchain security. Currently, traditional detection methods primarily rely on static analysis and formal verification, which can result in high false-positive rates and poor scalability. Large Language Models (LLMs) have recently made significant progress in smart contract vulnerability detection....

Injection, Attack and Erasure: Revocable Backdoor Attacks via Machine Unlearning

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.13322v1 Announce Type: new Abstract: Backdoor attacks pose a persistent security risk to deep neural networks (DNNs) due to their stealth and durability. While recent research has explored leveraging model unlearning mechanisms to enhance backdoor concealment, existing attack strategies still leave persistent traces that may be detected through static analysis. In this work, we introduce the first paradigm of revocable backdoor attacks, where the backdoor can be proactively and...

How are you leveraging AI at work? Here's what I am experimenting with

cybersecurity www.reddit.com

AI is all over the place these days. I'm looking for insights from the community on how you guys are leveraging AI at work: what aspect of security have you tried it on, or have ideas to try? I'm looking at identification and patching of vulnerable code; at this point I am unsure if it can completely replace SAST, and I'm experimenting with it right now. For patching, GitHub introduced auto patching of vulnerable code; you might check it out if your org uses GH. submitted by /u/NoSilver9