Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
What’s in a name? Here's how bad actors are pushing malware on the Python Package Index under the guise of legitimate yet abandoned open source modules.
Matt Rose presents at RSAC 2023 on the mismatch between traditional app sec tools like SCA and modern supply chain threats. Here are highlights from his talk.
The surprising story of the hack of VoIP provider 3CX got even crazier this week. Here's what you need to know.
In a new ReversingLabs Software Supply Chain Risk Survey, IT pros say supply chain security poses an “enterprise-wide” risk that traditional app sec tools can't address.
One software supply chain attack caused another, making it a first for the industry. Also: Malware spreads via apps in the Google Play Store.
Software supply chain security is taking center-stage at RSAC 2023. Here are the talks you don't want to miss.
Secrets are increasingly exposed during software development, creating a field-day for malicious actors. Here are key takeaways from our special report series, Secrets Exposed.
The Python Software Foundation is very, very unhappy with the draft Cyber Resilience Act (CRA) and Product Liability Act (PLA).
There is so much to take in at RSAC. Cut through the noise with our list of threat-focused talks you don't want to miss.
Here's what the Open Software Supply Chain Attack Reference (OSC&R) framework move means in the short run — and long term.
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Déjà vu, but carry protection, dev teams traveling with credentials: Public-USB hacks could finally have gone rogue, per the FBI.
Here's why some security practitioners question the term — and what they think app sec teams should focus on instead.
Experts break down the incident, and explain how app sec tools are evolving to detect and prevent such attacks.