Blog

AI coding assistants are reducing simple security flaws, but SAST tools need better context and agent integration to catch what remains.

Evaluate Snyk alternatives that solve alert fatigue and false positives while driving remediation. Compare developer-friendly AppSec platforms, open source tools, and runtime solutions.

Learn why this malware attack vector is a big risk for open source software consumers.

MCP servers inherit classical vulnerabilities like command injection, path traversal, and SSRF. Here's why LLMs and MCP deserve the same security practices as traditional applications.

101 packages disguised as font files distributed 34 TiB of data via npm's infrastructure—with a total of 4.3 PiB transferred via downloads.

Most breaches aren’t CVEs. Learn how subtle code and config changes caused real incidents, and why AI-aware code review is now critical.

Multiple Vulnerabilities Fixed in the Node.js Runtime

Attackers weaponized n8n's community nodes to steal credentials

Critical Host Header Validation Bypass in the Undertow

Critical vulnerability requires upgrade to jsPDF 4.0.0

Endor Labs integrates with Cursor hooks to detect malicious packages before AI agents install dependencies, preventing supply chain attacks at the moment of risk.

CVE-2025-13780 is a critical vulnerability in pgAdmin 4 where whitespace characters bypass regex filters, a common failure mode in input validation.

Treating a security patch as a signal, not a conclusion, led us to discover how arbitrary file writes became remote code execution in Argo Workflows.

See how Endor Labs brings developer-friendly security to life with real demo clips. Watch how vulnerabilities are prevented, prioritized, and fixed—right inside IDEs, PRs, pipelines, and Jira.

AI coding tools promise speed, but hidden security burdens drain developer productivity. Learn how context-aware AppSec cuts noise, boosts velocity, and improves DX.

React and Next.js contain a critical RCE vulnerability

A breakdown of npm worms, how Shai-Hulud spread across the ecosystem, and the key security practices every team needs to prevent large-scale compromise.

Analysis of Shai-Hulud 2, a new npm supply chain attack

A look at the 2025 update to the OWASP Top 10, the most significant update since 2021

Endor Labs celebrates emerging AppSec talent at OWASP Global AppSec, highlighting Bryce’s Space Badge and investing in his future with a $5,000 scholarship.

Cut through duplicate alerts by mapping findings from static and dynamic analysis, so teams can focus on remediating the vulnerabilities that matter.

Endor Labs AI SAST detects business logic flaws and reduces false positives by up to 95% by orchestrating multiple AI agents to review code.

Together Endor Labs and Upwind deliver complete visibility across code and cloud for strong security posture management across the SLDC.

How a sophisticated spam campaign hijacked popular NPM packages with Indonesian food names as part of a global software supply chain attack.