Application Security

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

Application Security, Featured, NPM, Shai-Hulud, supply chain, Supply Chain Security, worm /

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit 2025-09-17 at 16:04 By Ionut Arghire The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public. The post Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit […]

React to this headline:

Loading spinner

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit Read More »

Highly Popular NPM Packages Poisoned in New Supply Chain Attack

Application Security, Cryptocurrency, cryptojacking, Featured, NPM, supply chain, Supply Chain Security /

Highly Popular NPM Packages Poisoned in New Supply Chain Attack 2025-09-10 at 11:45 By Ionut Arghire Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments. The post Highly Popular NPM Packages Poisoned in New Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

Highly Popular NPM Packages Poisoned in New Supply Chain Attack Read More »

GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets

Application Security, GhostAction, GitHub, secrets sprawl, Supply Chain Security /

GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets 2025-09-08 at 16:20 By Eduard Kovacs A supply chain attack called GhostAction has enabled threat actors to steal secrets and exploit them. The post GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets Read More »

US, Allies Push for SBOMs to Bolster Cybersecurity

Application Security, CISA, guidance, Risk Management, SBOM /

US, Allies Push for SBOMs to Bolster Cybersecurity 2025-09-04 at 13:52 By Ionut Arghire SBOM adoption will drive software supply chain security, decreasing risks and costs, and improving transparency. The post US, Allies Push for SBOMs to Bolster Cybersecurity appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

US, Allies Push for SBOMs to Bolster Cybersecurity Read More »

Five habits of highly secure development teams

Application Security, DevSecOps, Don't miss, News, Optiv Security, Privacy, software development, Video /

Five habits of highly secure development teams 2025-09-03 at 07:46 By Help Net Security In this Help Net Security video, Brendon Collins, Principal Consultant at Optiv, explores how organizations can embed security and privacy into the software development lifecycle (SDLC) from the very start. He outlines five proactive principles, including default-deny architecture, privacy in the

React to this headline:

Loading spinner

Five habits of highly secure development teams Read More »

CISA Requests Public Feedback on Updated SBOM Guidance

Application Security, CISA, guidance, SBOM, Supply Chain Security /

CISA Requests Public Feedback on Updated SBOM Guidance 2025-08-25 at 13:54 By Ionut Arghire CISA has updated the Minimum Elements for a Software Bill of Materials (SBOM) guidance and is seeking public comment. The post CISA Requests Public Feedback on Updated SBOM Guidance appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

CISA Requests Public Feedback on Updated SBOM Guidance Read More »

Watch Now: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event)

Application Security, Featured, Vulnerabilities, vulnerability /

Watch Now: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event) 2025-08-16 at 16:58 By SecurityWeek News CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained. The post Watch Now: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event) appeared

React to this headline:

Loading spinner

Watch Now: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event) Read More »

CodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (Virtual Event)

Application Security, Featured, Vulnerabilities, vulnerability /

CodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (Virtual Event) 2025-08-12 at 15:35 By SecurityWeek News Taking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained. The post CodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (Virtual

React to this headline:

Loading spinner

CodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (Virtual Event) Read More »

CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds

Application Security, Featured, Vulnerabilities, vulnerability /

CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds 2025-08-08 at 19:52 By SecurityWeek News Taking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained. The post CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds appeared first on SecurityWeek. This

React to this headline:

Loading spinner

CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds Read More »

Flaw in Vibe Coding Platform Base44 Exposed Private Enterprise Applications

AI, Application Security, Artificial Intelligence, Authentication Bypass, Base44, vibe coding, vulnerability, Wix /

Flaw in Vibe Coding Platform Base44 Exposed Private Enterprise Applications 2025-07-30 at 14:18 By Eduard Kovacs Base44 owner Wix quickly patched a critical authentication bypass vulnerability discovered by researchers at Wiz. The post Flaw in Vibe Coding Platform Base44 Exposed Private Enterprise Applications appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Flaw in Vibe Coding Platform Base44 Exposed Private Enterprise Applications Read More »

Inside the application security crisis no one wants to talk about

Application Security, Cypress Data Defense, News, report, survey /

Inside the application security crisis no one wants to talk about 2025-07-29 at 07:50 By Anamarija Pogorelec Despite knowing the risks, most organizations are still shipping insecure software. That’s one of the stark findings from Cypress Data Defense’s 2025 State of Application Security report, which reveals a worsening crisis in software security. According to the

React to this headline:

Loading spinner

Inside the application security crisis no one wants to talk about Read More »

HeroDevs Raises $125 Million to Secure Deprecated OSS

Application Security, Cybersecurity Funding, funding, HeroDevs, open source, OSS /

HeroDevs Raises $125 Million to Secure Deprecated OSS 2025-07-24 at 16:45 By Ionut Arghire HeroDevs has received a $125 million strategic growth investment from PSG to secure enterprise security stacks. The post HeroDevs Raises $125 Million to Secure Deprecated OSS appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

HeroDevs Raises $125 Million to Secure Deprecated OSS Read More »

Your app is under attack every 3 minutes

Application Security, attacks, Contrast Security, cybersecurity, News, report /

Your app is under attack every 3 minutes 2025-07-24 at 11:57 By Help Net Security Application-layer attacks have become one of the most common and consequential methods adversaries use to gain access and compromise organizations, according to Contrast Security. These attacks target the custom code, APIs, and logic that power applications, often slipping past detection

React to this headline:

Loading spinner

Your app is under attack every 3 minutes Read More »

AI built it, but can you trust it?

Application Security, Artificial Intelligence, CISO, cybersecurity, DevSecOps, Don't miss, Features, Hot stuff, Minimus, News, software development /

AI built it, but can you trust it? 2025-07-07 at 09:02 By Mirko Zorz In this Help Net Security interview, John Morello, CTO at Minimus, discusses the security risks in AI-driven development, where many dependencies are pulled in quickly. He explains why it’s hard to secure software stacks that no one fully understands. He also

React to this headline:

Loading spinner

AI built it, but can you trust it? Read More »

RevEng.ai Raises $4.15 Million to Secure Software Supply Chain

Application Security, Cybersecurity Funding, funding, supply chain /

RevEng.ai Raises $4.15 Million to Secure Software Supply Chain 2025-06-27 at 13:17 By Ionut Arghire RevEng.ai has raised $4.15 million in seed funding for an AI platform that automatically detects malicious code and vulnerabilities in software. The post RevEng.ai Raises $4.15 Million to Secure Software Supply Chain appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

RevEng.ai Raises $4.15 Million to Secure Software Supply Chain Read More »

Thousands of SaaS Apps Could Still Be Susceptible to nOAuth

Application Security, EntraID, Identity & Access, noAuth, SaaS /

Thousands of SaaS Apps Could Still Be Susceptible to nOAuth 2025-06-25 at 17:26 By Kevin Townsend New research suggests more than 10,000 SaaS apps could remain vulnerable to a nOAuth variant despite the basic issue being disclosed in June 2023. The post Thousands of SaaS Apps Could Still Be Susceptible to nOAuth appeared first on

React to this headline:

Loading spinner

Thousands of SaaS Apps Could Still Be Susceptible to nOAuth Read More »

91% noise: A look at what’s wrong with traditional SAST tools

Application Security, automation, cybersecurity, Don't miss, Ghost Security, News, report, scanning /

91% noise: A look at what’s wrong with traditional SAST tools 2025-06-19 at 07:32 By Mirko Zorz Traditional static application security testing (SAST) tools are falling short. That’s the key takeaway from a recent report that tested these tools against nearly 3,000 open-source code repositories. The results: more than 91% of flagged vulnerabilities were false

React to this headline:

Loading spinner

91% noise: A look at what’s wrong with traditional SAST tools Read More »

Before scaling GenAI, map your LLM usage and risk zones

Application Security, ArmorCode, Artificial Intelligence, cybersecurity, Don't miss, Features, generative AI, Hot stuff, Lakera, LLMs, News, OWASP, policy, Straiker, The Motley Fool /

Before scaling GenAI, map your LLM usage and risk zones 2025-06-17 at 08:46 By Mirko Zorz In this Help Net Security interview, Paolo del Mundo, Director of Application and Cloud Security at The Motley Fool, discusses how organizations can scale their AI usage by implementing guardrails to mitigate GenAI-specific risks like prompt injection, insecure outputs,

React to this headline:

Loading spinner

Before scaling GenAI, map your LLM usage and risk zones Read More »

Unpacking the security complexity of no-code development platforms

Application Security, code, cybersecurity, Don't miss, Features, Hot stuff, News, Nokod Security, software development /

Unpacking the security complexity of no-code development platforms 2025-06-13 at 09:02 By Mirko Zorz In this Help Net Security interview, Amichai Shulman, CTO at Nokod Security, discusses how the abstraction layer in no-code environments complicates security by obscuring data flow, identity propagation, and control logic. Shulman also addresses why vulnerabilities in no-code applications go far

React to this headline:

Loading spinner

Unpacking the security complexity of no-code development platforms Read More »

Security flaws in government apps go unpatched for years

Application Security, cybersecurity, News, report, software, survey, Veracode /

Security flaws in government apps go unpatched for years 2025-06-13 at 08:02 By Help Net Security 78% of public sector organizations are operating with significant security debt, flaws left unaddressed for more than a year, according to Veracode. 55% are burdened with ‘critical’ security debt, representing long-standing vulnerabilities with severe risk potential. Public sector flaw

React to this headline:

Loading spinner

Security flaws in government apps go unpatched for years Read More »

Scroll to Top