The article analyzes Cal.com’s abrupt shift to a closed‑source model, arguing that AI‑powered vulnerability discovery has turned open‑source transparency from a defensive advantage into a liability, and explores industry reactions, supporting data, and broader implications for the future of open‑source software.
Researchers from UC Berkeley, NUS, Tencent and ByteDance reveal that a single hidden line in an AI assistant’s memory file can trigger OpenClaw to leak core keys or erase disks, detailing a three‑dimensional CIK attack model, real‑world tests on four top LLMs, and mitigation strategies.
A security analysis reveals that a high‑severity vulnerability in the open‑source AI assistant OpenClaw allows an attacker to steal the master authentication token and obtain unrestricted "god‑mode" control of the host through a single malicious link, and outlines the technical cause, attack chain, and mitigation steps.
This study investigates the security performance of AI‑generated code in real‑world software projects, revealing high vulnerability rates, language‑specific adoption patterns, and evolving roles in the vulnerability lifecycle, and proposes a multi‑dimensional framework for risk mitigation and safe AI‑assisted development.
This article details how the Wukong AI Agent automatically audited the popular LLaMA‑Factory project, discovered a high‑severity remote code execution vulnerability (CVE‑2025‑53002) caused by unsafe torch.load usage, reported it to the maintainers, and demonstrated the official fix that adds a secure weights_only flag.
This article provides a comprehensive security analysis of the Model Context Protocol (MCP), exposing multiple attack vectors such as prompt poisoning, tool poisoning, command and code injection, and illustrating how MCP’s design flaws make it more vulnerable than traditional applications while offering concrete mitigation recommendations.
This article provides a detailed curriculum for a penetration testing training program, covering operating system basics, web services, database setup, Kali Linux installation, various hacking tools, common web vulnerabilities, SQL injection techniques, command execution, file upload and inclusion flaws, XSS, CSRF, SSRF, privilege escalation, and internal network exploitation.
The article details a security case where an unauthenticated university API allowed an attacker to enumerate and download thousands of students' personal data by manipulating pagination parameters after discovering default credentials from a leaked PDF.
This article explains how Android AIDL and HIDL services are generated, outlines systematic steps to enumerate services, filter Java implementations, and automate information gathering, then details common memory‑corruption bug patterns and demonstrates real CVE‑2023‑21008 and CVE‑2023‑20766 exploits, concluding with a risk assessment.
The article explains how to enable Kubernetes audit logging and use its detailed fields—such as userAgent, responseStatus, requestURI, and object references—to detect CDK‑generated attacks and other threats like CVE‑2022‑3172, privilege escalation, and backdoor deployment, offering practical detection examples and security recommendations.
Veracode’s State of Software Security Volume 11 reveals that, among popular languages, C++ and PHP suffer the most severe vulnerabilities, while JavaScript and Python see rising issues, highlighting the need for developers to prioritize secure coding practices, regular updates, and careful management of third‑party dependencies.
This article walks through the typical ways MyBatis can introduce SQL injection—through misuse of # and $ in LIKE, IN, and ORDER BY clauses—provides correct code examples, and demonstrates a step‑by‑step reverse‑engineering workflow on an open‑source CMS to locate and confirm the vulnerability.
A recent open‑source vulnerability report reveals that C accounts for over 30% of reported flaws while PHP’s share surged to 27%, highlighting the prevalence of XSS attacks and emphasizing the need for better coding practices across all languages.
Meituan's security team explains cloud‑native architecture, outlines container‑escape threats from kernel bugs, vulnerable runtimes and misconfigurations, and recommends mitigation through hardened kernels, secure‑container runtimes like gVisor or Kata, rigorous patch management, and collaborative feature development to strengthen runtime protection.
This article provides a comprehensive overview of industrial control system terminology, common SCADA‑related protocols such as Modbus, PROFIBUS, DNP3, OPC, BACnet, and Siemens S7, their security weaknesses, detection scripts, and vulnerability analysis resources.
The article examines the high‑risk CVE‑2017‑5638 vulnerability in Apache Struts2, detailing its remote code execution mechanism, global impact statistics across industries and regions, and provides comprehensive detection methods and three tiers of remediation solutions.
