Here's what you need to know about third-party risk management — and why to prioritize comprehensive supply chain security.
Read More about Third-party risk management survey: Prioritize end-to-end software supply chain security — or fail
Automations, integrations, and usability improved
Read More about New Features for ReversingLabs TitaniumScale, Version 3.4
Tracking StealC's Rise: How YARA Rules Help Uncover a New Breed of Information Stealers
Read More about From the Labs: YARA Rule for Detecting StealC
“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.
Read More about Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks.webp&w=3840&q=75)
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: Third-party breach exposes customer to LockBit, countries team to block DDoS
Here's how to use basic HTML to dress up your security incidents
Read More about Give your Microsoft Sentinel incidents some style
C’mon, dev teams — it's about time to get serious about memory safety, XSS and SQLi.
Read More about Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: Third-party compromise lands pilot data from American, Southwest airlines
It’s a dog-eat-dog world ... Bug allows bad actor to manipulate URLs and extract data. Note to devs: Avoid consecutive object references and add entropy.
Read More about Hackers breached UPS data for SMS phish spree
Hackers are having a field day targeting developers with supply chain attacks, which open doors to other compromises. Here's why — and what to do about it.
Read More about 5 reasons why cyber attackers love software developers
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: BlackCat threatens to leak Reddit data, attackers target npm packages (again)
Forward-thinking DevOps shops are doing it already. Isn’t it time your team got on board?
Read More about Passkeys standard: Time to add it to your dev plans?
Robert Martin of MITRE and Cassie Crossley of Schneider Electric discuss how MITRE’s System of Trust helps operationalize software supply chain security.
Read More about MITRE’s System of Trust: A discussion about standardizing software supply chain risk
From Indicators to Action: Streamlining Incident Response with Integrated Threat Intelligence in Sentinel
Read More about How to Investigate Security Incidents with Threat Intelligence in Microsoft Sentinel
OWASP is expanding its Top 10 series with a list of large language model vulnerabilities. Here's what AppSec teams need to know.
Read More about OWASP Top 10 for LLM Applications: Can AI risk be tamed?