We created a vulnerability vending machine: AI tokens in, zero-days out

We created a vulnerability vending machine: AI tokens in, zero-days out

Artificial intelligence is transforming the landscape of vulnerability research, yet much of the discussion remains theoretical, focusing on the potential capabilities of models rather than their current practical applications. Our goal was to address a more pragmatic inquiry: with the models we currently have access to, how effectively can AI assist in identifying genuine, exploitable…

Read More
AsyncAPI npm Packages Compromised by Credential-Stealing Malware

AsyncAPI npm Packages Compromised by Credential-Stealing Malware

Five harmful versions of AsyncAPI packages were uploaded to the Node Package Manager (npm) as part of a supply-chain attack that introduced a remote access trojan capable of stealing information. The attacker took advantage of a poorly configured GitHub Actions workflow, releasing trojanized packages within the @asyncapi namespace, which collectively garnered over 2.25 million downloads…

Read More
Back To Top