BestHub
Sign in
Tagged articles
14 articles
Page 1 of 1
AI Explorer
AI Explorer
Mar 8, 2026 · Information Security

Anthropic’s Claude Opus Finds 22 Firefox Bugs in Two Weeks, Hinting at a Security Paradigm Shift

In just two weeks, Anthropic’s Claude Opus 4.6 model identified 22 security flaws in the Firefox codebase, including 14 high‑severity issues, demonstrating that advanced AI can move from auxiliary analysis to core vulnerability hunting and potentially reshape the security industry’s fundamental dynamics.

AI securityClaude OpusDevSecOps
0 likes · 6 min read
Anthropic’s Claude Opus Finds 22 Firefox Bugs in Two Weeks, Hinting at a Security Paradigm Shift
AI Engineering
AI Engineering
Feb 21, 2026 · Information Security

Anthropic Unveils Claude Code Security: AI Takes Over Code Vulnerability Detection

Anthropic's new Claude Code Security tool uses an AI model that reads code like a human researcher, detecting complex logic‑flaw and permission‑control bugs missed by traditional pattern‑matching scanners, providing multi‑round verification, confidence scores, and AI‑generated patches while still requiring developer approval.

AI securityAnthropicClaude
0 likes · 6 min read
Anthropic Unveils Claude Code Security: AI Takes Over Code Vulnerability Detection
Tencent Technical Engineering
Tencent Technical Engineering
Nov 7, 2025 · Information Security

How AI Multi‑Agent Systems Are Revolutionizing Code Security Audits

This article explores how Wukong's AI‑driven multi‑agent architecture dramatically improves code security auditing by addressing context loss, scheduling imbalances, and integrating a data‑flywheel that turns bad cases into continuous model improvements, illustrated by a real NVIDIA Megatron‑LM vulnerability fix.

AICode AuditingMulti-Agent
0 likes · 14 min read
How AI Multi‑Agent Systems Are Revolutionizing Code Security Audits
Wukong Talks Architecture
Wukong Talks Architecture
Sep 1, 2025 · Information Security

Boost Web Privilege Testing with the XiaYue Burp Suite Plugin

XiaYue, a powerful Burp Suite extension, automates vertical and horizontal privilege escalation detection by comparing responses across multiple permission levels, offering smart deduplication, advanced filtering, parameter replacement, visual data tables, persistent configuration, and performance optimizations, while the author also shares a heartfelt story about their child's school start.

AutomationBurp SuiteWeb Security
0 likes · 9 min read
Boost Web Privilege Testing with the XiaYue Burp Suite Plugin
Tencent Technical Engineering
Tencent Technical Engineering
Jul 16, 2025 · Artificial Intelligence

Introducing A.S.E: The First Project‑Level AI Code Generation Security Evaluation Framework

The A.S.E (AI Code Generation Security Evaluation) framework provides a comprehensive, project‑level benchmark for assessing the safety, quality, and stability of AI‑generated code across multiple languages and vulnerability types, helping developers and researchers evaluate and improve large language model coding assistants.

AI code generationSoftware Securityopen source benchmark
0 likes · 7 min read
Introducing A.S.E: The First Project‑Level AI Code Generation Security Evaluation Framework
AntTech
AntTech
Aug 23, 2023 · Blockchain

Explorations in Web3 Ecosystem Security: Threat Landscape, Research Achievements, and Future Directions

The article reviews the rapid rise of Web3, outlines the severe security challenges and economic losses caused by attacks on cross‑chain bridges, DeFi platforms, and smart contracts, and details Ant Group's Sky Dome Lab research on platform, contract, and client‑side defenses along with future AI‑driven initiatives.

DeFiSmart ContractWeb3
0 likes · 9 min read
Explorations in Web3 Ecosystem Security: Threat Landscape, Research Achievements, and Future Directions
AntTech
AntTech
Apr 20, 2023 · Information Security

Exploring ChatGPT for Smart Contract Vulnerability Detection: Experiments and Analysis

This study investigates the capability of ChatGPT, a large language model, to detect common smart‑contract vulnerabilities, evaluates its performance against traditional tools across multiple datasets, and discusses its strengths, limitations, and future potential in blockchain security auditing.

AIChatGPTSmart Contract
0 likes · 23 min read
Exploring ChatGPT for Smart Contract Vulnerability Detection: Experiments and Analysis
AntTech
AntTech
Apr 19, 2023 · Information Security

ODDFuzz: Discovering Java Deserialization Vulnerabilities via Structure‑Aware Directed Greybox Fuzzing

The paper presents ODDFuzz, a structure‑aware directed greybox fuzzing framework that combines lightweight static taint analysis with targeted fuzzing to efficiently discover previously unknown Java deserialization (ODD) vulnerabilities, achieving higher recall and precision than existing tools and uncovering six new CVE‑rated bugs in popular Java frameworks.

DeserializationJavaODDFuzz
0 likes · 19 min read
ODDFuzz: Discovering Java Deserialization Vulnerabilities via Structure‑Aware Directed Greybox Fuzzing
vivo Internet Technology
vivo Internet Technology
Sep 21, 2022 · Information Security

Vivo Qianjing Cup Cybersecurity Challenge 2022 Launches

The 2022 Vivo Qianjing Cup Cybersecurity Challenge, launched on September 15 under the “Assemble! Geek Youth” theme, invites nationwide security enthusiasts to uncover vulnerabilities in Vivo products through online puzzles and an offline final, offering a 200,000‑yuan prize pool plus uncapped bounty rewards and judging by experts from AWS, Ant Group and leading universities.

cybersecurityinformation securityprivacy protection
0 likes · 5 min read
Vivo Qianjing Cup Cybersecurity Challenge 2022 Launches
OPPO Amber Lab
OPPO Amber Lab
Aug 23, 2022 · Information Security

Master CodeQL: From Setup to Advanced Vulnerability Queries

This guide introduces CodeQL, explains how to install the required tools, shows how to generate a source‑code database, and walks through basic and advanced rule syntax with practical C/C++ examples, enabling security researchers to efficiently discover vulnerabilities in large codebases.

CCodeQLCodeQL Queries
0 likes · 13 min read
Master CodeQL: From Setup to Advanced Vulnerability Queries
System Architect Go
System Architect Go
Mar 2, 2021 · Information Security

OS Command Injection

This article explains what OS command injection is, how it can be detected and exploited on both Linux and Windows systems, demonstrates common payloads and techniques—including blind and out‑of‑band methods—and provides best‑practice defenses to prevent such vulnerabilities.

OS command injectiondefense techniquesshell injection
0 likes · 10 min read
OS Command Injection
360 Tech Engineering
360 Tech Engineering
Nov 12, 2019 · Information Security

Improving Product Quality through Code Vulnerability Scanning and Deep Code Search

The article explains why and when to scan product code for vulnerabilities, describes static source‑code and binary scanning methods, introduces deep code‑search techniques, outlines the system architecture and incremental indexing pipeline, and shows how these practices can substantially raise overall product quality.

Code ScanningProduct QualitySphinx
0 likes · 13 min read
Improving Product Quality through Code Vulnerability Scanning and Deep Code Search
dbaplus Community
dbaplus Community
Jul 30, 2017 · Information Security

Building an Enterprise‑Grade Server Security Audit System: Design, Tools, and Implementation

This article outlines the motivation, design principles, architecture, component choices, and step‑by‑step implementation of a comprehensive server security audit system, covering server information collection, log gathering, access control checks, local vulnerability detection, abnormal traffic analysis, and integration with ELK, Hadoop, and open‑source tools like Lynis and OSSEC.

ELKLynisOSSEC
0 likes · 20 min read
Building an Enterprise‑Grade Server Security Audit System: Design, Tools, and Implementation