An extensible developer-friendly application security platform that scans source code to surface true and actionable security issues with AI-assisted SAST, SCA, and Secrets Detection solutions.

Posted by Gallus - 13 votes and 0 comments

In our last blog, we detailed our approach to building a continuous application security pipeline with the objective of providing…

The Threat Analysis Group shares new information on the commercial spyware vendor Variston.

Share your videos with friends, family, and the world

We are working diligently to understand the scope of the incident and identify what specific information has been accessed.

How IBM Cloud caught us exploring its infrastructure and how a hardcoded secret eventually led to build artifact access and manipulation

Exciting news – we’ve released a new version of our CI/CD Goat CTF platform, a deliberately vulnerable CI/CD environment. We decided to release a new version with a shiny new challenge, after our previous 10 challenges were enthusiastically received and widely…

ONEKEY identifies a command injection bug in the M25 NAS from Asus. Read the latest Security Advisory here

This advisory contains information about the following vulnerabilities:
- OOB Accesses Using the Logging System

Last month, during Ekoparty, Blue Frost Security published a Windows challenge. Since having a Windows exploitation challenge, is one of a kind in CTFs, and since I’ve found the challenge interesting and very clever, I’ve decided to post about my reverse…

### Summary
An attacker could, through a link or website, take over the computer of a Visual Studio Code user and any computers they were connected to via the [Visual Studio Code Remote Developmen...

This post contains a chain of vulnerabilities I responsibly disclosed to Riot Games in November of 2016. I’m publicly disclosing it now as…