In February 2026, the nuclei-templates repository focused on security detection hardening rather than feature additions. The key work delivered a hardened CSP misconfiguration detection by refining matchers for weak CSP in HTTP headers, improving detection accuracy and risk visibility. This change lays groundwork for future detections and improves remediation speed for security issues.

August 2025: Focused on increasing detection accuracy and reducing false positives in credit card number detection within the nuclei-templates repo. Implemented a regex-based exclusion for floats whose fractional part matches a CC number, significantly reducing misclassification and noise in scans. This change improves reliability of financial data templates and delivers tangible business value by producing more trustworthy results for security teams and developers.

In May 2025, delivered the Bing Subscription Keys Detector for Trufflehog, expanding the platform's security coverage. The detector includes a Go-based scanner, a dedicated regex for identifying Bing subscription keys, and a verification function that queries Bing to validate detections. The detector is integrated into the main engine and the protobuf definitions were updated accordingly. This work was implemented in commit c3e668fa2fe13a14a2ccfce1fd93028f9e51717a (#4092). No major bugs were reported this month.

April 2025: Implemented Langfuse API Key Detection Scanner in trufflesecurity/trufflehog. The feature adds regex-based detection for public and secret keys and includes a verification step by calling Langfuse API to validate found keys. No major bugs reported this month. The initiative strengthens security scanning coverage and reduces risk of key exposure. Key technologies: regex, API integration, verification workflow, and CI/testing.