Blog

Semgrep alternatives for AppSec teams compared: Endor Labs, SonarQube, Snyk, Checkmarx, and 6 more tools ranked by accuracy, coverage, and noise reduction.

Black Duck alternatives for SCA with less noise. Compare Endor Labs, Snyk, Checkmarx, Veracode, Mend, Semgrep, and FOSSA on reachability and scan speed.

Application security tools compared for 2026. Eight platforms evaluated on reachability analysis, false positive rates, AI-code scanning, and pricing.

The malicious Python package pyronut copies the entire project description and code of the popular pyrogram Telegram framework to pass itself off as the real thing, while silently installing a runtime backdoor that grants the attacker arbitrary Python and shell command execution on every victim's machine.

The Glassworm threat attacker took over the npm account of a maintainer

Endor Labs has partnered with Zscaler to bring Zero Trust to the AI-native software supply chain

The EU Cyber Resilience Act shifts software liability to vendors, requiring continuous vulnerability management and security updates across the product lifecycle.

We detected 88 malicious open source packages on npm

Endor Labs and Cloudsmith combine deep vulnerability intelligence with artifact governance to secure the modern software and AI supply chain.

AURI shifts security into the architecture of agentic coding with free tools for developers and agents to detect vulnerabilities, block malware, and fix security bugs.

We discovered a serious RCE in Ghost CMS

Endor Labs researcher found CVE-2026-27959 in Koa

Anthropic’s announcement of Claude Code Security validates that application security is the critical frontier in agentic software development and cybersecurity.

SANDWORM_MODE: Dissecting a Multi-Stage npm Supply Chain Attack

Critical vulnerability in fast-xml-parser allows injection attacks

How Endor Labs' AI SAST engine identified a path traversal vulnerability in OpenClaw's apply_patch tool tracked as (GHSA-r5fq-947m-xm57)

A compromised release of the popular Cline CLI npm package silently installs OpenClaw globally on any machine.

We discovered six vulnerabilities in OpenClaw using Endor Labs’ AI SAST data flow analysis and validated working exploits.

As CVEs surge and AI speeds delivery, container OS reachability is key to reducing noise and real AppSec risk.

Cut container vulnerability noise by up to 90% with full-stack reachability analysis spanning application and container image OS layers.

How Endor Labs AI SAST identified 7 exploitable vulnerabilities in OpenClaw through accurate data flow analysis and systematic exploit validation.

AI coding assistants are introducing systemic architectural weaknesses that have major consequences for application security.

AI is reshaping software development. Learn how security can become invisible guardrails inside the AI SDLC, so teams move faster without compromising safety.

Use a “test-first” prompting pattern to improve AI-generated code security through test-driven development (TDD).

CVE in n8n allows unauthenticated users to achieve remote code execution (RCE) via sandbox escape.