
Lessons from Log4Shell: 4 key takeaways for DevSecOps teams
The Log4Shell vulnerability is considered to be one of the most significant software bugs in recent years, because of its severity, pervasiveness and long-lasting impact on organizations.

The Log4Shell vulnerability is considered to be one of the most significant software bugs in recent years, because of its severity, pervasiveness and long-lasting impact on organizations.

It’s super easy to spoof Visual Studio Code extensions. And those spoofed extensions are incredibly hard to detect.

ChatGPT and Copilot are a clear and present danger to software security. Modernize your AppSec approach today

ReversingLabs’ YARA detection rule for Black Basta can help you find this ransomware in your environment.

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Machine learning can be a cognitive crutch, causing code vulnerabilities. Use with extreme caution!

Get out in front of new compliance requirements for a competitive advantage. Here's what your software organization needs to know.

Security teams should consider software supply chain risk through a new lens after the latest CircleCI incident.

Learn how your organization can reduce cyber risks (as well as operational workload and tool costs) while ensuring data and file privacy. Plus, explore how your security team can reduce MTTD and prioritize malicious files for triage.
Application security is foundational to the software supply chain security ecosystem. But it takes a village. Derek Fisher explains in this fireside chat with Matt Rose.

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

...

The JsonWebToken library has a flaw that could have lead to remote code execution (RCE).

Researchers compromised source code and development infrastructure for Mercedes-Benz and SiriusXM Connected Vehicle Services, raising security concerns.

In this latest attack on software development environments, the CircleCI platform may have exposed secrets used by millions of software developers.
Get your 14-day free trial of Spectra Assure for Software Supply Chain Security
Get Free TrialMore about Spectra Assure Free Trial