Tech Critter

Semgrep Alternatives for AI-Generated Code Review Workflows

Compare Semgrep alternatives for teams whose developers increasingly ship code suggested by copilots and agents. See why ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard ...
Bleeping Computer

Apiiro unveils free scanner to detect malicious code merges

Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before they are added to software projects to curb supply chain attacks. The two ...
Computerworld

How to choose and use source code analysis tools

The high cost of finding and patching application flaws is well known. Wouldn’t it be cheaper to write secure code in the first place? One of the fastest growing areas in the software security ...
Bleeping Computer

Nuclei flaw lets malicious templates bypass signature verification

A now-fixed vulnerability in the open-source vulnerability scanner Nuclei could potentially allow attackers to bypass signature verification while sneaking malicious code into templates that execute ...
Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Sophisticated cyberattacks targeting a variety of open source projects, including the Trivy security-scanner project, the widely used Axios Javascript package, and now Anthropic's accidental ...
Scientific American

Open-source software has an invisible vulnerability. Hackers have found it

The danger in the code came from characters that are invisible to the human eye. In early March researchers at several security firms examined what looked like empty space and found hidden Unicode ...