Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

A guide to the OWASP TOP 10 for large language model applications

Attackers are increasingly targeting vulnerabilities within large language models (LLMs) used to recognise and generate text. In response to the growing risk, the recently launched OWASP Top 10 for LLMs covers the key vulnerabilities within these types of AI applications. Read our guide to learn more about the most critical vulnerabilities and how to reduce AI security risks.

CVE-2024-27348 - A Critical RCE Vulnerability in Apache HugeGraph Server

Apache HugeGraph-Server, a popular open-source graph database tool, has been found to have a critical security vulnerability tracked as CVE-2024-27348. The vulnerability allows remote code execution (RCE), giving attackers the ability to execute arbitrary commands on vulnerable servers. This blog explores the details of this vulnerability, its impact, and the necessary mitigation steps to protect affected systems.

How to setup Deno Dev Container on GitHub Codespaces?

If you’ve been searching for guides and tutorials on getting started with Deno web development in a cloud IDE such as GitHub Codespaces, you’ve come to the right place. In this post, we will be exploring the world of Deno, GitHub Codespaces, and Dev Containers, providing you with the knowledge you need to set up your development environment effectively and efficiently in the cloud.

Advanced Vulnerability Assessments: Beyond Penetration Testing

Sensitive information must be protected from constantly evolving cyber threats in the digital age. For companies of all sizes, this is an imperative and not just a desirable objective. A sound, proactive approach to cybersecurity involves "stress-testing" an organization's defenses to see where they can be penetrated-by whom, and using what techniques.

CVE-2024-4879, CVE-2024-5178, CVE-2024-5217: ServiceNow MID Server Vulnerabilities Resulting in Unauthorized Code Execution

On July 10, 2024, ServiceNow disclosed a series of critical vulnerabilities impacting their platform, identified as CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217. These vulnerabilities were responsibly disclosed to ServiceNow in May 2024 by Assetnote, a cybersecurity firm. ServiceNow responded by patching hosted instances in June 2024.

10 Dimensions of Python Static Analysis

Python static analysis, also known as "linting", is a crucial aspect of software development. It involves inspecting your Python code without running it to identify potential bugs, programming errors, stylistic issues, or non-adhering patterns to predefined coding standards. It also helps identify vulnerabilities early in the development process, reducing the chances of deploying insecure code into production.

Suspicious Maintainer Unveils Threads of npm Supply Chain Attack

This story starts when Sébastien Lorber, maintainer of Docusaurus, the React-based open-source documentation project, notices a Pull Request change to the package manifest. Here’s the change proposed to the popular cliui npm package: Specifically, drawing our attention to the npm dependencies change that use an unfamiliar syntax: Most developers would expect to see a semver version range in the value of a package or perhaps a Git or file-based URL.