Bleeping Computer

Clever 'GitHub Scanner' campaign abusing repos to push malware

A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to ...
Bleeping Computer

GitHub now allows enabling private vulnerability reporting at scale

GitHub announced that private vulnerability reporting is now generally available and can be enabled at scale, on all repositories belonging to an organization. Once toggled on, security researchers ...
Morningstar

Detectify Launches Dynamic API Scanner with over 900 Quintillion Payloads

Detectify, the application security testing platform for evolving attack surface coverage, today announced the expansion of its AppSec platform to include advanced API scanning capabilities, providing ...
Forbes

API Penetration Testing And API Vulnerability Assessment: Use The Right Tool For The Right Job

API vulnerability scanning and API penetration testing are both important methods for ensuring the security of an API, but they have distinct differences in terms of their scope, methodology and ...
CSOonline

GitHub releases new SDLC security features including private vulnerability reporting

GitHub also announces CodeQL support for Ruby programming language and coverage/risk overviews to help users secure the software development lifecycle. GitHub has announced new security features ...
ZDNet

Google open-sources Tsunami vulnerability scanner

Google has open-sourced a vulnerability scanner for large-scale enterprise networks consisting of thousands or even millions of internet-connected systems. Named Tsunami, the scanner has been used ...