Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
How AI-Automated Fuzzing Uncovered a Vulnerability in wolfSSL
Despite wolfSSL’s rigorous software testing practices, in October 2024, Code Intelligence—an application security vendor—discovered a potentially exploitable defect in wolfSSL. Remarkably, the potential vulnerability was found without human intervention. The only manual step was executing a single command to trigger autonomous fuzz testing. Watch the video for a live demo of AI-automated fuzzing.
From Zero to CTEM: An Actionable Approach to the Five Stages
Join Nucleus team members Tali Netzer, Head of Product Marketing, and Scott Koffer, COO and Co-Founder, as they navigate the intricacies of Continuous Threat Exposure Management (CTEM). In this webinar, they discuss the history of vulnerability management, the evolution to CTEM, and how it fundamentally changes the approach to cybersecurity. Learn about the five-step CTEM process, from scoping and prioritization to validation and mobilization.
Viral but Vulnerable: The Hidden Risks of Cybersecurity Misinformation on Social Media
It's no surprise that 18–29-year-olds are turning to social media for cybersecurity information. As digital natives, this age group naturally gravitates toward platforms where information is fast, accessible, and constantly updated. But how effectively are they absorbing these short snippets—and are they likely to share it forward? More importantly, what happens if that cybersecurity information is inaccurate?
Does Claude 3.7 Sonnet Generate Insecure Code?
With the announcement of Anthropic’s Claude 3.7 Sonnet model, we, as developers and cybersecurity practitioners, find ourselves wondering – is the new model any better at generating secure code? We commission the model to generate a classic CRUD application with the following prompt: The model generates several files of code in one artifact, which the user can manually copy and organize according to the file tree suggested by Claude alongside the main artifact.
Security through obscurity: An illusion of safety?
Security through obscurity is based on the idea that if attackers don’t know how a system works or even if it exists, they’ll have a harder time breaching it. Despite repeatedly broken implementations and lacking support from standards bodies, this concept continues to be widely used. Secret doesn’t always mean safe – and it can even give a false sense of security.
AI-Automated Fuzzing Found a Heap Buffer Overflow in AWS C Common Library
A critical heap buffer overflow vulnerability in the AWS C Common library was discovered autonomously through an AI-automated fuzz testing solution, CI Fuzz, and has been fully addressed with a patch. In this post, we explore the vulnerability and its potential impact on embedded systems.
Seal Security Launches Seal OS: Fix Linux Vulnerabilities in Minutes
The first holistic, open source vulnerability remediation solution with long-term support for any Linux environment, fixing 99% of vulnerabilities with a single line of code.
How to Fix CWE-73? External Control of Filename
CWE, or Common Weakness Enumeration 73, occurs when an unauthorized user gains external access to control a file in your system. CWE provides a standardized language and classification system to help identify, understand, and mitigate vulnerabilities in software and systems. External Control of Filename or Path is a vulnerability that occurs when an application allows an external entity to influence the selection of a file or directory location within the system.