LLMmap puts its finger on ML attacks

Researchers show how LLM fingerprinting can be used to automate generation of customized attacks.

Read More about LLMmap puts its finger on ML attacks

LLMmap puts its finger on ML attacks

QR Code Phishing Evolves: How to Keep Up

Here's what you need to know about the rise of quishing — and how your threat hunting team can get out in front of it.

Read More about QR Code Phishing Evolves: How to Keep Up

QR Code Phishing Evolves: How to Keep Up

Vibeware: More than bad vibes for AppSec

Threat actors are leveraging the freewheeling vibe-coding trend to deliver malicious software at scale.

Read More about Vibeware: More than bad vibes for AppSec

Vibeware: More than bad vibes for AppSec

The CRA is coming: Are you ready?

Here's how the EU's Cyber Resilience Act will reshape the software industry — and how that accelerates advantages.

Read More about The CRA is coming: Are you ready?

The CRA is coming: Are you ready?

Why RL Built Spectra Assure Community

We set out to help dev and AppSec teams secure the village: OSS dependencies, malware, more. Learn how.

Read More about Why RL Built Spectra Assure Community

Why RL Built Spectra Assure Community

Graphalgo fake recruiter campaign returns

An attack targeting crypto developers has been respawned — with an LLC and new techniques.

Read More about Graphalgo fake recruiter campaign returns

Graphalgo fake recruiter campaign returns

Claude Mythos: Get your AppSec game on

Anthropic's new AI is a 'step change' for exposing software flaws — but also ramps up exploits. Are you ready?

Read More about Claude Mythos: Get your AppSec game on

Claude Mythos: Get your AppSec game on

28 application security stats that matter

AI and open source are redefining the software threat landscape. Here are the key statistics you need to know.

Read More about 28 application security stats that matter

28 application security stats that matter

Axios: How AppSec teams should respond

Here's a mitigations checklist and best practices. Plus: How RL’s xBOM and Spectra Assure Community can help.

Read More about Axios: How AppSec teams should respond

Axios: How AppSec teams should respond

ClickFix: YARA Rules Catch What AV Misses

Learn about the antivirus detection gap — and how to develop a simple YARA rule using Spectra Analyze.

Read More about ClickFix: YARA Rules Catch What AV Misses

ClickFix: YARA Rules Catch What AV Misses

How JPMC tackles software ‘trust debt’

JPMorgan Chase CISO Patrick Opet discussed his letter on third-party software risk — and how that has played out.

Read More about How JPMC tackles software ‘trust debt’

How JPMC tackles software ‘trust debt’

GenAI Security Project ramps up guidance

With AI ramping up risk, OWASP stepped up its project to help AppSec teams get up to speed — and take action.

Read More about GenAI Security Project ramps up guidance

GenAI Security Project ramps up guidance

AppSec as attacker: Inside Trivy–LiteLLM

The perimeter isn't your firewall — it's your CI/CD pipeline. Here’s what to know about TeamPCP's supply chain attack.

Read More about AppSec as attacker: Inside Trivy–LiteLLM

AppSec as attacker: Inside Trivy–LiteLLM

The TeamPCP supply chain attack evolves

The malicious campaign started with Trivy and Checkmarx and has shifted to LiteLLM — and now telnix. Here's how.

Read More about The TeamPCP supply chain attack evolves

The TeamPCP supply chain attack evolves

Decouple SIEM data to reshape your AppSec

Shift to a data security pipeline platform to get software visibility that modern supply chain threats demand.

Read More about Decouple SIEM data to reshape your AppSec

Decouple SIEM data to reshape your AppSec