SEC action raises the bar on software transparency
Four firms have been fined for playing down how the SolarWinds attack impacted them. It’s part of a government push for greater supply chain transparency.
SEC action raises the bar on software transparency
AI-based fuzzing targets open-source LLM vulnerabilities
Google researchers using OSS-Fuzz have identified 26 vulnerabilities, but experts warn that AI fuzzing is not a panacea for AI/ML security.
Compromised ultralytics PyPI package delivers crypto coinminer
A compromised build environment led to a malicious deployment of a popular AI library that had the potential of delivering other malware.
Secure Your AWS Environments: Go Beyond Traditional Tooling in 2025
Whether it is managing a data lake, orchestrating CI/CD pipelines, or safeguarding data, your security needs are evolving — and so must your strategy.
Malware found in Solana npm library raises the bar for crypto security
Two recent versions of the Solana web3.js open source library were infected with code to steal private keys, putting crypto platforms and wallets at risk.
.Net Devs Can Now Vet NuGet Packages with the Spectra Assure Community
The RL community's search interface allows software development teams to quickly assess risk before choosing or updating open source NuGet packages.
The state of AppSec tooling: Step up to modern software security
Organizations are struggling with outdated tools. Here's what you need to know about modernizing your AppSec tooling for today's supply chain threats.
Why shift left alone can't manage your software risk
The state of application security was on the agenda at the Elephant in AppSec Conference. One clear takeaway: Modern threats demand an all-in approach.
Software liability gets real: 5 ways to get ahead of the EU's new directive
Here's what your organization needs to know about the Product Liability Directive — and how to avoid any slip-ups.
Malicious PyPI crypto pay package aiocpa implants infostealer code
The incident demonstrates how machine learning-based threat hunting can help development teams spot threats other tools miss.
OWASP Top 10 for LLM adds risks: Get on target to secure your AI models
OWASP has updated its Top 10 list with key risk areas, and recently added an AppSec tooling guide for AI. Here's what they cover — and what they don't.
Differential analysis raises red flags over @lottiefiles/lottie-player
Three versions of the popular package were infected and used to spread malicious code that was stealing crypto wallet assets.
CISA's secure software deployment push: Key takeaways for AppSec teams
To avoid the next CrowdStrike fiasco, CISA and other agencies recommend embracing safe deployment practices earlier in the SDLC. Here's what you need to know.
Gauging the Safety Level of Your Software with Spectra Assure
Quickly understand the current level of software safety, which threats require immediate action, and how the other risks and exposures can be addressed over time.
AppSec vs. product security: Secure by Design demands a strategy shift
Here's why and how to push your application security further into ProdSec — and what that means to achieving the goals of CISA's Secure by Design.