%term

Multi-Tenant Systems: Sharing Vulnerabilities #appsec

Sep 2, 2025 By Mend In Mend

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

View Video

Mend

Read more about Multi-Tenant Systems: Sharing Vulnerabilities #appsec

How to Add MCP Servers to Gemini (CLI & Code Assist)

Sep 1, 2025 By Snyk In Snyk

In this video, I walk through how to add MCP servers to Google Gemini, covering both the CLI setup and Code Assist integration. Whether you’re just getting started with Gemini or want to extend its capabilities with MCP servers, this step-by-step guide will get you up and running.

View Video

Snyk

Read more about How to Add MCP Servers to Gemini (CLI & Code Assist)

Seven ways AI could impact the future of pen testing

Sep 1, 2025 By Marcus White In Outpost 24

In an era where attack surfaces are expanding faster than ever, AI has the potential to transform how organizations find and fix vulnerabilities. Gartner estimates AI agents will reduce the time it takes to exploit account vulnerabilities by 50%. From automating routine scans to developing self-learning attack agents, AI is already changing the red team playbook – and the pace of innovation shows no signs of slowing.

Read Post

Outpost 24

Read more about Seven ways AI could impact the future of pen testing

GPT-5 Realizes its Mistake...

Aug 31, 2025 By Snyk In Snyk

GPT-5 Realizes its Mistake...

View Video

Snyk

Read more about GPT-5 Realizes its Mistake...

Can GPT-5 Write SAFE Code?

Aug 30, 2025 By Snyk In Snyk

Can GPT-5 Write SAFE Code?

View Video

Snyk

Read more about Can GPT-5 Write SAFE Code?

FreePBX Authentication Bypass Leading to SQL Injection and RCE (CVE-2025-57819)

Aug 29, 2025 By Tal Zamir In IONIX

A new critical vulnerability has been identified in FreePBX, the widely adopted open-source, web-based graphical user interface for managing Asterisk PBX systems. Tracked as CVE-2025-57819, this flaw affects FreePBX versions 15, 16, and 17 and enables unauthenticated attackers to bypass administrator login controls. Once inside, threat actors can perform SQL Injection attacks that lead directly to remote code execution (RCE).

Read Post

IONIX

Read more about FreePBX Authentication Bypass Leading to SQL Injection and RCE (CVE-2025-57819)

GPT-5 Made Up its Own Language...

Aug 29, 2025 By Snyk In Snyk

GPT-5 Made Up its Own Language...

View Video

Snyk

Read more about GPT-5 Made Up its Own Language...

It's Time to Understand and Manage Vulnerability Debt

Aug 29, 2025 By Corey Tomlinson In Nucleus

Vulnerability prioritization isn’t just an important piece of any organization’s vulnerability management process. It’s a requirement. With the volume so high, and growing, it’s simply impossible to address every vulnerability an organization encounters. Prioritization comes at a price. Many organizations focus on a small number of the most critical vulnerabilities in their environment, which leads to an important question: What happens to the rest?

Read Post

Nucleus

Read more about It's Time to Understand and Manage Vulnerability Debt

Breaking the Passkey Promise: SquareX Discloses Major Passkey Vulnerability at DEF CON 33

Aug 28, 2025 By SquareX

It is no secret that passwords are highly susceptible to phishing and brute force attacks. This led to the mass adoption of passkeys, a passwordless authentication method leveraging cryptographic key pairs that allows users to log in with biometrics or a hardware key. According to FIDO, over 15 billion accounts have been passkey-enabled, with 69% of users globally enabling passkeys in at least one account. The passkey promise is simple - eliminate passwords, eliminate vulnerabilities.

Read Post

Read more about Breaking the Passkey Promise: SquareX Discloses Major Passkey Vulnerability at DEF CON 33

Nx npm Malware Explained: AI Agent Hijacking

Aug 28, 2025 By Snyk In Snyk

Nx npm malware (Aug 2025): attackers published malicious Nx packages that weaponized AI coding agents (Claude Code, Gemini CLI, Amazon Q) via a postinstall script to inventory sensitive files and exfiltrate sensitive data to public GitHub repos named “s1ngularity-repository-*.” We break down what happened, affected versions, and how to check + respond (rotate credentials, hunt IoCs, and more). Resources.

View Video