Semgrep Announces the Private Beta of AI-Powered Detection to Uncover Business Logic Vulnerabilities

"Most of our high-severity responsible disclosure findings involve authorization logic flaws. Semgrep's AI-powered detection now identifies those automatically, giving us the benefit of an internal ...

SAP fixes serious security issues - here's how to stay safe

Security researchers SecurityBridge, who notified SAP after finding the flaw, described as a “missing input sanitation” ...

Forrester: Gen AI is a chaos agent, models are wrong 60% of the time

Forrester warns AI is cybersecurity’s "new chaos agent": 45% of AI-generated code ships with critical vulnerabilities, identity risks surge, and trust in generative AI collapses.
CSO Online

November Patch Tuesday: Zero day Windows kernel flaw in servers, controllers, and PCs

Also of importance are a Kerberos vulnerability in Active Directory, a Visual Studio Copilot extension, and a Microsoft ...
GovInfoSecurity

Tenzai Gets $75M to Upend Pen Testing With Synthetic Hackers

Tenzai has emerged from stealth with $75 million to develop AI agents capable of performing autonomous penetration tests.
InfoWorld

How pairing SAST with AI dramatically reduces false positives in code security

In our study, a novel SAST-LLM mashup slashed false positives by 91% compared to a widely used standalone SAST tool.
Devdiscourse

Targeted injection attacks could undermine AI trust by corrupting semantic understanding

Classic cybersecurity tools are nearly powerless against semantic attacks. Signature detection, hashing, and code audits all depend on identifying explicit changes in code or data, but meaning-level ...
Inside Halton

Government websites in Canada ‘easy targets’ for hackers: study

Federal, provincial and city websites are riddled with common security flaws, making them vulnerable to costly cyber attacks, ...