Marks & Spencer chair refuses to say if retailer paid hackers after ransomware attack
The retail giant’s chair confirmed the breach was caused by ransomware.
Security News | TechCrunch – Read More
New spyware strain steals data from Russian industrial companies
Moscow-based cybersecurity firm Kaspersky said the campaign has already affected over 100 victims across several dozen Russian organizations, but did not disclose the specific targets.
The Record from Recorded Future News – Read More
SAP Patches Critical Flaws That Could Allow Remote Code Execution, Full System Takeover
SAP has released patches for multiple insecure deserialization vulnerabilities in NetWeaver that could lead to full system compromise.
The post SAP Patches Critical Flaws That Could Allow Remote Code Execution, Full System Takeover appeared first on SecurityWeek.
SecurityWeek – Read More
Checking for Fraud: Texas Community Bank Nips Check Fraud in the Bud
Within months of implementing anti-fraud measures and automation, Texas National Bank prevented more than $300,000 in check fraud.
darkreading – Read More
Infostealers-as-a-Service Push Identity Hacks to Record Highs
Identity-based cyberattacks soar 156%, driven by cheap Phishing-as-a-Service & infostealer malware. Learn how criminals bypass MFA to steal credentials, access bank accounts, and compromise business emails.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Qantas Hit with Extortion Demand After Data Breach
The Australian airline says a cybercriminal attempted to extort it after customer data was stolen from a contact center.
The post Qantas Hit with Extortion Demand After Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
Exploits, Technical Details Released for CitrixBleed2 Vulnerability
Researchers released technical information and exploit code targeting a critical vulnerability (CVE-2025-5777) in Citrix NetScaler.
The post Exploits, Technical Details Released for CitrixBleed2 Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Pakistan’s Transparent Tribe Hits Indian Defence with Linux Malware
Pakistan’s APT36 Transparent Tribe uses phishing and Linux malware to target Indian defence systems running BOSS Linux says Cyfirma.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms
Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia.
The activity, per cybersecurity vendor Kaspersky, has been active since July 2024.
“The targeted attack begins with bait emails containing malicious links, sent under the pretext of signing a contract,” the Russian company said. “The main goal of the
The Hacker News – Read More
xvulnhuntr
In 2024 we looked at the possibility of leveraging open weights LLMs for source code analysis.
The answer was clearly negative, as a small code base could easily take 200K tokens, more than any context window offered by open weights models.
The table below summarizes the top LLMs by context window as of today. Context windows significantly increased, compared to an average of 32.000 tokens last year. However, we are still a few orders of magnitude away from being able to feed entire code bases to LLMs.
| Model | Tokens | Open Weight |
| Gemini 1.5 Pro (Google) | 2.000.000 | No |
| GPT 4.1 | 1.000.000 | No |
| Claude (Anthropic) | 200.000 | No |
| DeepSeek | 128.000 | Yes |
| LLAMA 3.1 | 128.000 | Yes |
Later in the year a tool named vulnhuntr was published (https://github.com/protectai/vulnhuntr). The tool approached limited context windows by performing source code analysis from source to sink and providing code blocks of the call chains iteratively in a multi-step process. Initially the LLM is fed code blocks for a set of files (e.g. sources where API entry points are defined). Then it literally asks for code blocks of functions and classes which are required for the analysis.
In addition to the clever approach, a track record of discovered vulnerabilities was published, making the tool even more appealing.
There is one relevant limitation though: only python code bases are supported. It is in fact very difficult to statically determine the call chain from source to sink for non-typed languages.
We decided that it was worth extending the tool to support additional languages. Therefore we created xvulnhuntr (https://github.com/CompassSecurity/xvulnhuntr), a fork of the original project where the ‘x’ stands for extended.
Xvulnuhntr also supports C#, Java and Go. For each language, there is a dedicated tool developed in the corresponding language. Given a repository path and a class or function name in input, the tool returns a json with the file name for the match and the source code of the code block matching the function/class name. This modular approach allows to easily extend support to other typed languages.
In addition, we intentionally put additional effort into making xvulnhuntr easier for developers to contribute to. Compared to the original project, it is possible to run xvulnhuntr against a local test suite, mocking API responses. This provides multiple advantages:
- reproducibility: while LLMs are not deterministic (even with temperature set to zero), mocked responses allow easier debugging
- speed: mocked responses avoid latency from the LLM provider
- cost reduction: no need to waste tokens during development
Next Steps
We primarily focused on the development of the tool. We expect refinements and bugs to come up as the tool is used against a variety of code bases. We are also interested in evaluating how analysis from different LLM providers compare to each other. Finally, we welcome and encourage contributions. Until then, happy LLM-powered hacking!
Compass Security Blog – Read More