ClickFix: YARA Rules Catch What AV Misses
Learn about the antivirus detection gap — and how to develop a simple YARA rule using Spectra Analyze.
Featured
ClickFix: YARA Rules Catch What AV Misses
Axios: How AppSec teams should respond
Here's a mitigations checklist and best practices. Plus: How RL’s xBOM and Spectra Assure Community can help.
How JPMC tackles software ‘trust debt’
JPMorgan Chase CISO Patrick Opet discussed his letter on third-party software risk — and how that has played out.
Latest
Axios: How AppSec teams should respond
Here's a mitigations checklist and best practices. Plus: How RL’s xBOM and Spectra Assure Community can help.
ClickFix: YARA Rules Catch What AV Misses
Learn about the antivirus detection gap — and how to develop a simple YARA rule using Spectra Analyze.
How JPMC tackles software ‘trust debt’
JPMorgan Chase CISO Patrick Opet discussed his letter on third-party software risk — and how that has played out.
GenAI Security Project ramps up guidance
With AI ramping up risk, OWASP stepped up its project to help AppSec teams get up to speed — and take action.
AppSec as attacker: Inside Trivy–LiteLLM
The perimeter isn't your firewall — it's your CI/CD pipeline. Here’s what to know about TeamPCP's supply chain attack.
The TeamPCP supply chain attack evolves
The malicious campaign started with Trivy and Checkmarx and has shifted to LiteLLM — and now telnix. Here's how.
Decouple SIEM data to reshape your AppSec
Shift to a data security pipeline platform to get software visibility that modern supply chain threats demand.
How AI agents can weaponize IDEs
Research shows that AI coding can tap integrated development environments to become privileged insider threats.
Fake install logs in npm packages load RAT
The final-stage malware in the Ghost campaign is a RAT designed to steal crypto wallets and sensitive data.
Crypto group ushers in post-quantum security
Here’s a look at the Ethereum Foundation’s new PQC security effort — and why you need to modernize your SecOps.
OpenClaw lesson: AI agents are a black hole
AI agents create novel attack surfaces and control issues that require rethinking assumptions — and AppSec tooling.
How to Examine Polyglot Files with Spectra Analyze
Here's how to assess a sample using Spectra Analyze in your environment — and create a YARA rule.
Make Your SBOMs Actionable with PURLs
Learn how Package URLs improve vulnerability matching, which reduces alert fatigue and simplifies compliance.
OWASP adopts DockSec: Why it matters
OWASP has adopted the container security tool to slow information overload. Here’s what you need to know.
OpenClaw and AI risk: 3 AppSec lessons
The OpenClaw saga is a case study on the threat from agentic AI, showing how it increases software risk.