Application Security

20 open-source cybersecurity tools to keep your team ready for anything

20 open-source cybersecurity tools to keep your team ready for anything 2026-07-08 at 08:30 By Anamarija Pogorelec AI is changing how security teams find vulnerabilities, analyze code, test applications, and protect infrastructure. Developers are building tools to secure AI systems themselves, from coding agents and memory protection to model exposure discovery. This roundup covers recent […]

20 open-source cybersecurity tools to keep your team ready for anything Read More »

Nika: Open-source code analysis tool

Nika: Open-source code analysis tool 2026-07-01 at 09:00 By Mirko Zorz Many serious security bugs in web applications sit across several files at once. Request data enters through a controller, moves through data objects and service layers, and turns dangerous only when it reaches a sensitive operation such as a database query or a file

Nika: Open-source code analysis tool Read More »

Linux Foundation Unveils New Open Source Security Project Akrites

Linux Foundation Unveils New Open Source Security Project Akrites 2026-06-26 at 14:28 By Ionut Arghire It will provide the tools and channels to report, patch, and disclose open source software vulnerabilities. The post Linux Foundation Unveils New Open Source Security Project Akrites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Linux Foundation Unveils New Open Source Security Project Akrites Read More »

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking 2026-06-24 at 13:55 By Ionut Arghire The security defects allow unauthenticated users to take control of the open source software supply chain. The post Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking Read More »

Tech Coalition ‘Athena’ Targets OSS Vulnerabilities Ahead of Disclosure

Tech Coalition ‘Athena’ Targets OSS Vulnerabilities Ahead of Disclosure 2026-06-16 at 12:39 By Ionut Arghire Over two dozen organizations built a shared platform to triage vulnerabilities, fix them, and secure the software before patches arrive. The post Tech Coalition ‘Athena’ Targets OSS Vulnerabilities Ahead of Disclosure appeared first on SecurityWeek. This article is an excerpt

Tech Coalition ‘Athena’ Targets OSS Vulnerabilities Ahead of Disclosure Read More »

After AI Reaches Production: 12 Ways Security Teams Can Take Control

After AI Reaches Production: 12 Ways Security Teams Can Take Control 2026-06-10 at 14:22 By Joshua Goldfarb Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. The post After AI Reaches Production: 12 Ways Security Teams Can Take Control appeared first on

After AI Reaches Production: 12 Ways Security Teams Can Take Control Read More »

New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications

New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications 2026-06-09 at 18:18 By Kevin Townsend Atsign’s AI Architect applies cryptographic protections to agentic software development, aiming to prevent attackers from exploiting vulnerabilities by making application identities effectively invisible. The post New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications appeared first on SecurityWeek. This article

New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications Read More »

Known vulnerabilities behind most application security incidents

Known vulnerabilities behind most application security incidents 2026-06-03 at 07:40 By Anamarija Pogorelec Eight in ten organizations took an application security hit during the past year tied to a vulnerability their team had already cataloged, according to a survey of 902 IT and security professionals conducted by the Cloud Security Alliance. The pattern points to

Known vulnerabilities behind most application security incidents Read More »

Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis

Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis 2026-06-02 at 19:47 By Kevin Townsend As AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate operational control. The post Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis appeared first on

Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis Read More »

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack 2026-05-25 at 10:56 By Ionut Arghire Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens. The post Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack Read More »

Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention

Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention 2026-05-21 at 14:22 By Ionut Arghire The company blocked over 1.1 billion accounts and $2.2 billion in potentially fraudulent transactions. The post Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention appeared first on SecurityWeek. This

Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention Read More »

AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop

AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop 2026-05-20 at 17:48 By Kevin Townsend Digital.ai’s latest threat report warns that agentic AI has erased the distinction between emerging and primary targets, enabling attackers to strike mobile apps within hours of release across every industry. The post AI-Powered App Attacks Are Faster, More

AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop Read More »

Boost Security Raises $4 Million for SDLC Defense Platform

Boost Security Raises $4 Million for SDLC Defense Platform 2026-05-07 at 18:29 By Ionut Arghire The company is expanding its platform’s capabilities with the acquisition of SecureIQx and Korbit.ai. The post Boost Security Raises $4 Million for SDLC Defense Platform appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Boost Security Raises $4 Million for SDLC Defense Platform Read More »

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking 2026-05-07 at 17:33 By Kevin Townsend Mitiga researchers say attackers can silently redirect Claude Code MCP traffic, intercept OAuth tokens, and maintain persistent access to connected SaaS platforms. The post Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking appeared first on

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking Read More »

Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable

Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable 2026-04-28 at 15:22 By Kevin Townsend Agentic AI can be expensive to use, causing further and unpredictable pressure on tight budgets. The post Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable appeared first on SecurityWeek. This article is an

Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable Read More »

Axios NPM Package Breached in North Korean Supply Chain Attack

Axios NPM Package Breached in North Korean Supply Chain Attack 2026-04-01 at 11:46 By Ionut Arghire A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions. The post Axios NPM Package Breached in North Korean Supply Chain Attack appeared first on SecurityWeek. This article

Axios NPM Package Breached in North Korean Supply Chain Attack Read More »

TeamPCP Moves From OSS to AWS Environments

TeamPCP Moves From OSS to AWS Environments 2026-03-31 at 17:42 By Ionut Arghire After validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities. The post TeamPCP Moves From OSS to AWS Environments appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

TeamPCP Moves From OSS to AWS Environments Read More »

Huskeys Emerges From Stealth With $8 Million in Funding

Huskeys Emerges From Stealth With $8 Million in Funding 2026-03-30 at 16:02 By Ionut Arghire The startup has built an edge security management (ESM) platform, an AI engine atop the entire edge security stack. The post Huskeys Emerges From Stealth With $8 Million in Funding appeared first on SecurityWeek. This article is an excerpt from

Huskeys Emerges From Stealth With $8 Million in Funding Read More »

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI 2026-03-25 at 14:00 By Ionut Arghire The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$. The post From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI appeared

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI Read More »

Google slows Android sideloading to trip up scammers

Google slows Android sideloading to trip up scammers 2026-03-20 at 19:32 By Anamarija Pogorelec Google’s advanced flow for Android changes how apps from unverified developers are installed, adding steps to reduce scam-driven sideloading. The feature is aimed at experienced users and allows sideloading through a controlled, one-time setup. It addresses scam scenarios where attackers pressure

Google slows Android sideloading to trip up scammers Read More »

Scroll to Top