Application Security

Webinar Today: Fact vs. Fiction – The Truth About API Security

2025-10-15 at 17:37, by SecurityWeek News. Get practical guidance to protect APIs against the threats attackers are using right now. The post Webinar Today: Fact vs. Fiction – The Truth About API Security appeared first on SecurityWeek.

The diagnosis is in: Mobile health apps are bad for your privacy

2025-10-15 at 07:40, by Sinisa Markovic. Sensitive data is moving through Android healthcare apps without adequate protection. Researchers found that many transmit information without encryption, store files without safeguards, or share it through third-party components. Study design showing data collection, static security analysis

GitHub Boosting Security in Response to NPM Supply Chain Attacks 

2025-09-24 at 13:18, by Ionut Arghire. GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing. The post GitHub Boosting Security in Response to NPM Supply Chain Attacks appeared first on SecurityWeek.

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

2025-09-17 at 16:04, by Ionut Arghire. The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public.

Highly Popular NPM Packages Poisoned in New Supply Chain Attack

2025-09-10 at 11:45, by Ionut Arghire. Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments. The post Highly Popular NPM Packages Poisoned in New Supply Chain Attack appeared first on SecurityWeek.

GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets

2025-09-08 at 16:20, by Eduard Kovacs. A supply chain attack called GhostAction has enabled threat actors to steal secrets and exploit them. The post GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets appeared first on SecurityWeek.

US, Allies Push for SBOMs to Bolster Cybersecurity

2025-09-04 at 13:52, by Ionut Arghire. SBOM adoption will drive software supply chain security, decreasing risks and costs, and improving transparency. The post US, Allies Push for SBOMs to Bolster Cybersecurity appeared first on SecurityWeek.

Five habits of highly secure development teams

2025-09-03 at 07:46, by Help Net Security. In this Help Net Security video, Brendon Collins, Principal Consultant at Optiv, explores how organizations can embed security and privacy into the software development lifecycle (SDLC) from the very start. He outlines five proactive principles, including default-deny architecture, privacy in the

CISA Requests Public Feedback on Updated SBOM Guidance

2025-08-25 at 13:54, by Ionut Arghire. CISA has updated the Minimum Elements for a Software Bill of Materials (SBOM) guidance and is seeking public comment. The post CISA Requests Public Feedback on Updated SBOM Guidance appeared first on SecurityWeek.

Watch Now: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event)

2025-08-16 at 16:58, by SecurityWeek News. CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.

CodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (Virtual Event)

2025-08-12 at 15:35, by SecurityWeek News. Taking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.

CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds

2025-08-08 at 19:52, by SecurityWeek News. Taking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained. The post CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds appeared first on SecurityWeek.

Flaw in Vibe Coding Platform Base44 Exposed Private Enterprise Applications

2025-07-30 at 14:18, by Eduard Kovacs. Base44 owner Wix quickly patched a critical authentication bypass vulnerability discovered by researchers at Wiz. The post Flaw in Vibe Coding Platform Base44 Exposed Private Enterprise Applications appeared first on SecurityWeek.

Inside the application security crisis no one wants to talk about

2025-07-29 at 07:50, by Anamarija Pogorelec. Despite knowing the risks, most organizations are still shipping insecure software. That’s one of the stark findings from Cypress Data Defense’s 2025 State of Application Security report, which reveals a worsening crisis in software security. According to the

HeroDevs Raises $125 Million to Secure Deprecated OSS

2025-07-24 at 16:45, by Ionut Arghire. HeroDevs has received a $125 million strategic growth investment from PSG to secure enterprise security stacks. The post HeroDevs Raises $125 Million to Secure Deprecated OSS appeared first on SecurityWeek.

Your app is under attack every 3 minutes

2025-07-24 at 11:57, by Help Net Security. Application-layer attacks have become one of the most common and consequential methods adversaries use to gain access and compromise organizations, according to Contrast Security. These attacks target the custom code, APIs, and logic that power applications, often slipping past detection

AI built it, but can you trust it?

2025-07-07 at 09:02, by Mirko Zorz. In this Help Net Security interview, John Morello, CTO at Minimus, discusses the security risks in AI-driven development, where many dependencies are pulled in quickly. He explains why it’s hard to secure software stacks that no one fully understands. He also

RevEng.ai Raises $4.15 Million to Secure Software Supply Chain

2025-06-27 at 13:17, by Ionut Arghire. RevEng.ai has raised $4.15 million in seed funding for an AI platform that automatically detects malicious code and vulnerabilities in software. The post RevEng.ai Raises $4.15 Million to Secure Software Supply Chain appeared first on SecurityWeek.

Thousands of SaaS Apps Could Still Be Susceptible to nOAuth

2025-06-25 at 17:26, by Kevin Townsend. New research suggests more than 10,000 SaaS apps could remain vulnerable to a nOAuth variant despite the basic issue being disclosed in June 2023.

91% noise: A look at what’s wrong with traditional SAST tools

2025-06-19 at 07:32, by Mirko Zorz. Traditional static application security testing (SAST) tools are falling short. That’s the key takeaway from a recent report that tested these tools against nearly 3,000 open-source code repositories. The results: more than 91% of flagged vulnerabilities were false
