Articles tagged with: #dast
To Unpack or Not to Unpack: Living with Packers to Enable Dynamic Analysis of Android Apps

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.16340v1 Announce Type: new Abstract: Android apps have become a valuable target for app modifiers and imitators due to their popularity and being trusted with highly sensitive data. Packers, on the other hand, protect apps from tampering with various anti-analysis techniques embedded in the app. Meanwhile, packers also conceal certain behavior potentially against the interest of the users, aside from being abused by malware for stealth. Security practitioners typically try to capture...

SeCodePLT: A Unified Platform for Evaluating the Security of Code GenAI

cs.CR updates on arXiv.org arxiv.org

arXiv:2410.11096v2 Announce Type: replace Abstract: Existing benchmarks for evaluating the security risks and capabilities (e.g., vulnerability detection) of code-generating large language models (LLMs) face several key limitations: (1) limited coverage of risk and capabilities; (2) reliance on static evaluation metrics such as LLM judgments or rule-based detection, which lack the precision of dynamic analysis; and (3) a trade-off between data quality and benchmark scale. To address these...

Top 10 Best Dynamic Application Security Testing (DAST) Platforms in 2025

Cyber Security News cybersecuritynews.com

Dynamic Application Security Testing (DAST) platforms have become fundamental for safeguarding web applications as digital assets and attack surfaces scale in both size and complexity. The modern DAST landscape is shaped by increased API adoption, rapid deployment cycles, and the rise of AI-driven vulnerabilities, making 2025 a turning point for intelligent, automated security solutions. This

How would you filter out false positives from SAST/DAST tools (been asked a lot of times during appsec interviews)?

cybersecurity www.reddit.com

My generic answer is that I will start from the tools themselves and how much noise they create. Choosing a tool that generates the least false positives should be the 1st step. Next step is to ensure how customizable each tool is in making rules. But seriously, what's the right answer to it? submitted by /u/Horror_Business1862

Signal-Based Malware Classification Using 1D CNNs

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.06548v2 Announce Type: replace Abstract: Malware classification is a contemporary and ongoing challenge in cyber-security: modern obfuscation techniques are able to evade traditional static analysis, while dynamic analysis is too resource intensive to be deployed at a large scale. One prominent line of research addresses these limitations by converting malware binaries into 2D images by heuristically reshaping them into a 2D grid before resizing using Lanczos resampling. These images...

SaMOSA: Sandbox for Malware Orchestration and Side-Channel Analysis

cs.CR updates on arXiv.org arxiv.org

arXiv:2508.14261v1 Announce Type: new Abstract: Cyber-attacks on operational technology (OT) and cyber-physical systems (CPS) have increased tremendously in recent years with the proliferation of malware targeting Linux-based embedded devices of OT and CPS systems. Comprehensive malware detection requires dynamic analysis of execution behavior in addition to static analysis of binaries. Safe execution of malware in a manner that captures relevant behaviors via side-channels requires a sandbox...