InfoSecBulletin Cybersecurity for mankind
Google has announced Vanir, an open-source tool for detecting and fixing security vulnerabilities, publicly available for developers.
Vanir is a source code-based static analysis tool that automatically identifies the list of missing security patches in the target system. By default, Vanir pulls up-to-date CVEs from Open Source Vulnerabilities (OSV) together with their corresponding signatures so that users can transparently scan missing patches for an up-to-date list of CVEs.
EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State
First-ever AI-powered ‘MalTerminal’ Malware Uses OpenAI GPT-4 to Generate Code
Gmail Data exposes via ChatGPT Deep Research Agent dubbed “ShadowLeak Zero-Click” Flaw
Cyber attack disrupts several European airports: check-in and boarding systems affected
Hacker claim to breach Link3; 189,000 Users data up for sale
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
Vanir, originally designed for Android, provides an effective way to manage security patches for various devices and software versions. As Google’s blog states, “This strengthens the security of the Android ecosystem, helping to keep Android users around the world safe.”
What sets Vanir apart?
Source-Code-Based Static Analysis: Instead of using potentially inaccurate metadata, Vanir examines the source code directly, offering a more precise and thorough analysis.
Automated Patch Identification: Vanir automates the time-consuming task of finding missing patches, saving both time and resources.
Versatility: Although made for Android, Vanir can easily be used in other systems, making it a valuable asset across the software development landscape.
“A main focus of Vanir is to automate the time consuming and costly process of identifying missing security patches in the open source software ecosystem,” Google emphasizes in their blog.
Early Success and Future Potential:
Early use of Vanir has shown great results. Google states that one engineer generated signatures for over 150 vulnerabilities and verified missing security patches in just five days using Vanir.
Vanir’s open-source nature encourages teamwork and innovation in security. “By open-sourcing Vanir, we aim to empower the broader security community to contribute to and benefit from this tool, enabling wider adoption and ultimately improving security across various ecosystems,” says Google.
