What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...
The Register on MSN

This dev made a llama with three inference engines

Meet llama3pure, a set of dependency-free inference engines for C, Node.js, and JavaScript Developers looking to gain a ...
IEEE

LLM-Guided Mutation Location Selection for Vulnerability-Aware JavaScript Engine Fuzzing

Abstract: Modern JavaScript engines employ multi-tier JIT compilation for high performance, but these aggressive optimizations often introduce subtle and hard-to-detect security vulnerabilities.
GitHub

Building an Intent-Aware Engine to Audit Massive OpenAPI Specs —Fully In-Browser

We've all been there: you drop a 15MB swagger.json file into a viewer. It takes 10 seconds to render. You search for "admin" to audit security. You find 400 matches. 398 of them are admin_id fields in ...
IEEE

BCFuzz: Bytecode-Driven Fuzzing for JavaScript Engines

Abstract: The interpreter and the Just-In-Time (JIT) compiler are two core components of modern JavaScript engines, both of which take bytecodes as input. Most bugs in these components are closely ...