Application Security

Tech Coalition ‘Athena’ Targets OSS Vulnerabilities Ahead of Disclosure

Application Security, Athena, Chainguard, Coalition, open source, OSS, Vulnerabilities /

Tech Coalition ‘Athena’ Targets OSS Vulnerabilities Ahead of Disclosure 2026-06-16 at 12:39 By Ionut Arghire Over two dozen organizations built a shared platform to triage vulnerabilities, fix them, and secure the software before patches arrive. The post Tech Coalition ‘Athena’ Targets OSS Vulnerabilities Ahead of Disclosure appeared first on SecurityWeek. This article is an excerpt […]

Tech Coalition ‘Athena’ Targets OSS Vulnerabilities Ahead of Disclosure Read More »

After AI Reaches Production: 12 Ways Security Teams Can Take Control

AI, Application Security, Artificial Intelligence, SDLC, Visibility /

After AI Reaches Production: 12 Ways Security Teams Can Take Control 2026-06-10 at 14:22 By Joshua Goldfarb Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. The post After AI Reaches Production: 12 Ways Security Teams Can Take Control appeared first on

After AI Reaches Production: 12 Ways Security Teams Can Take Control Read More »

New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications

AI, Application Security, appsec, Artificial Intelligence, vibe coding /

New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications 2026-06-09 at 18:18 By Kevin Townsend Atsign’s AI Architect applies cryptographic protections to agentic software development, aiming to prevent attackers from exploiting vulnerabilities by making application identities effectively invisible. The post New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications appeared first on SecurityWeek. This article

New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications Read More »

Known vulnerabilities behind most application security incidents

Application Security, Cloud Security Alliance, cybersecurity, News, report, vulnerability management /

Known vulnerabilities behind most application security incidents 2026-06-03 at 07:40 By Anamarija Pogorelec Eight in ten organizations took an application security hit during the past year tied to a vulnerability their team had already cataloged, according to a survey of 902 IT and security professionals conducted by the Cloud Security Alliance. The pattern points to

Known vulnerabilities behind most application security incidents Read More »

Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis

AI, Application Security, Vulnerabilities /

Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis 2026-06-02 at 19:47 By Kevin Townsend As AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate operational control. The post Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis appeared first on

Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis Read More »

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

Application Security, Featured, GitHub, Megalodon, supply chain attack, Supply Chain Security /

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack 2026-05-25 at 10:56 By Ionut Arghire Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens. The post Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack Read More »

Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention

apple, Apple App Store, Application Security, fraud /

Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention 2026-05-21 at 14:22 By Ionut Arghire The company blocked over 1.1 billion accounts and $2.2 billion in potentially fraudulent transactions. The post Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention appeared first on SecurityWeek. This

Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention Read More »

AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop

Application Security, Artificial Intelligence /

AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop 2026-05-20 at 17:48 By Kevin Townsend Digital.ai’s latest threat report warns that agentic AI has erased the distinction between emerging and primary targets, enabling attackers to strike mobile apps within hours of release across every industry. The post AI-Powered App Attacks Are Faster, More

AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop Read More »

Boost Security Raises $4 Million for SDLC Defense Platform

Application Security, Boost Security, Cybersecurity Funding, funding, SDLC /

Boost Security Raises $4 Million for SDLC Defense Platform 2026-05-07 at 18:29 By Ionut Arghire The company is expanding its platform’s capabilities with the acquisition of SecureIQx and Korbit.ai. The post Boost Security Raises $4 Million for SDLC Defense Platform appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Boost Security Raises $4 Million for SDLC Defense Platform Read More »

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking

AI, Application Security, Claude Code, OAuth, Vulnerabilities /

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking 2026-05-07 at 17:33 By Kevin Townsend Mitiga researchers say attackers can silently redirect Claude Code MCP traffic, intercept OAuth tokens, and maintain persistent access to connected SaaS platforms. The post Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking appeared first on

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking Read More »

Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable

Application Security /

Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable 2026-04-28 at 15:22 By Kevin Townsend Agentic AI can be expensive to use, causing further and unpredictable pressure on tight budgets. The post Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable appeared first on SecurityWeek. This article is an

Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable Read More »

Axios NPM Package Breached in North Korean Supply Chain Attack

Application Security, Axios, Featured, North Korea, NPM, supply chain attack, Supply Chain Security /

Axios NPM Package Breached in North Korean Supply Chain Attack 2026-04-01 at 11:46 By Ionut Arghire A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions. The post Axios NPM Package Breached in North Korean Supply Chain Attack appeared first on SecurityWeek. This article

Axios NPM Package Breached in North Korean Supply Chain Attack Read More »

TeamPCP Moves From OSS to AWS Environments

Application Security, AWS, cloud security, supply chain attack, TeamPCP /

TeamPCP Moves From OSS to AWS Environments 2026-03-31 at 17:42 By Ionut Arghire After validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities. The post TeamPCP Moves From OSS to AWS Environments appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

TeamPCP Moves From OSS to AWS Environments Read More »

Huskeys Emerges From Stealth With $8 Million in Funding

Application Security, Cybersecurity Funding, funding, Huskeys /

Huskeys Emerges From Stealth With $8 Million in Funding 2026-03-30 at 16:02 By Ionut Arghire The startup has built an edge security management (ESM) platform, an AI engine atop the entire edge security stack. The post Huskeys Emerges From Stealth With $8 Million in Funding appeared first on SecurityWeek. This article is an excerpt from

Huskeys Emerges From Stealth With $8 Million in Funding Read More »

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

Application Security, Featured, Lapsus$, Malware & Threats, NPM, OSS, PyPI, supply chain attack, TeamPCP /

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI 2026-03-25 at 14:00 By Ionut Arghire The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$. The post From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI appeared

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI Read More »

Google slows Android sideloading to trip up scammers

Android, Application Security, Google, News, scams, software development /

Google slows Android sideloading to trip up scammers 2026-03-20 at 19:32 By Anamarija Pogorelec Google’s advanced flow for Android changes how apps from unverified developers are installed, adding steps to reduce scam-driven sideloading. The feature is aimed at experienced users and allows sideloading through a controlled, one-time setup. It addresses scam scenarios where attackers pressure

Google slows Android sideloading to trip up scammers Read More »

Raven Emerges From Stealth With $20 Million in Funding

Application Security, Cybersecurity Funding, emerge from stealth, funding, Raven /

Raven Emerges From Stealth With $20 Million in Funding 2026-03-19 at 13:32 By Ionut Arghire Raven’s platform observes applications at runtime to detect anomalous behavior and prevent cyberattacks. The post Raven Emerges From Stealth With $20 Million in Funding appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Raven Emerges From Stealth With $20 Million in Funding Read More »

ENISA advisory examines package manager security risks

Application Security, Artificial Intelligence, automation, cybersecurity, ENISA, News, software development /

ENISA advisory examines package manager security risks 2026-03-12 at 15:24 By Anamarija Pogorelec Developers install external libraries with a single command, and that step can introduce more code than expected into a project environment. Dependency resolution inside package managers extends software supply chains across large collections of external components. ENISA’s Technical Advisory for Secure Use

ENISA advisory examines package manager security risks Read More »

AI-driven DAST reduces manual setup and surfaces exploitable vulnerabilities

Application Security, Artificial Intelligence, attacks, Compliance, cybersecurity, Data Protection, Don't miss, Features, Hot stuff, News, opinion, security testing, software development, StackHawk /

AI-driven DAST reduces manual setup and surfaces exploitable vulnerabilities 2026-02-26 at 07:35 By Mirko Zorz In this Help Net Security interview, Joni Klippert, CEO at StackHawk, discusses what defines DAST coverage in 2026 and why scan completion does not equal security. She explains how AI-driven DAST testing automates attack surface discovery, supports business-logic testing in

AI-driven DAST reduces manual setup and surfaces exploitable vulnerabilities Read More »

VS Code Configs Expose GitHub Codespaces to Attacks

Application Security, GitHub, GitHub Codespaces, Vulnerabilities, vulnerability /

VS Code Configs Expose GitHub Codespaces to Attacks 2026-02-05 at 16:59 By Ionut Arghire VS Code-integrated configuration files are automatically executed in Codespaces when the user opens a repository or pull request. The post VS Code Configs Expose GitHub Codespaces to Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

VS Code Configs Expose GitHub Codespaces to Attacks Read More »

Scroll to Top