Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
It’s a dog-eat-dog world ... Bug allows bad actor to manipulate URLs and extract data. Note to devs: Avoid consecutive object references and add entropy.
Hackers are having a field day targeting developers with supply chain attacks, which open doors to other compromises. Here's why — and what to do about it.
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Forward-thinking DevOps shops are doing it already. Isn’t it time your team got on board?
Robert Martin of MITRE and Cassie Crossley of Schneider Electric discuss how MITRE’s System of Trust helps operationalize software supply chain security.
From Indicators to Action: Streamlining Incident Response with Integrated Threat Intelligence in Sentinel
OWASP is expanding its Top 10 series with a list of large language model vulnerabilities. Here's what AppSec teams need to know.
The ReversingLabs YARA detection rule for HermeticRansom can help you find this ransomware in your environment.
CISA hosted SBOM-a-rama on Wednesday to move software bills of material — a list of ingredients for software and services — forward. Here are top takeaways and insights.
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
ConversingLabs caught up with Srinivasan to discuss how OpenSSF's Security Scorecard can aid developers in assessing open source software components for their projects.
Bad actors are finding secrets across the supply chain. Here are the key attack methods — and what's needed to prevent them.
Cl0p quietly tested the flaw for two years before launching the full exploit. Lesson: Look both ways before crossing.
Software vendors that do business with the government must prove they are practicing basic supply chain security. Here's a rundown on the requirements.