Dependency remediation bolstered with CVE Lite CLI
OWASP's new dependency scanner gives developers actionable fixes. But today's supply chain attacks aren’t in any advisory database.
AppSec & Supply Chain Security
Dependency remediation bolstered with CVE Lite CLI
Get ahead of frontier AI: 5 AppSec strategy upgrades
Frontier AI is collapsing the time from vulnerability discovery to exploit. Here are 5 ways to update your AppSec before it hits.
CVE noise drowns out supply chain threats
48,000 CVEs were reported in 2025 — but just 58 were critical. A new report highlights why signal-to-noise ratio matters for AppSec.
5 lessons from vulnerability management's front lines
VM success is determined by findings reaching developers with context — which is getting more challenging. Here's why to shift gears.
Dependency attack takes down ed-tech platform at scale
The Canvas LMS supply chain compromise — which hit during finals week — shows the impact of cascading attacks.
GitHub breach: The development ecosystem is in the hot seat
This TeamPCP attack is a serious wakeup call about software supply chain security — and the problems with implicit trust.
AI agents are the new insider threat
AI security leader and author Steve Wilson explains why you need to rethink security — and treat AI agents as digital workers.
Shai-Hulud code drop: It’s open season for attacks
The npm malware's public release provides a ready-made blueprint for threat actors. Take action on supply chain security.
Think AI agents are risky? Your underlying stack is too
To manage agentic AI risk, organizations need to focus more on the infrastructure they run on.
Mini Shai-Hulud tears at OSS trust
This latest compromises of popular and infrastructure-level npm packages are rocking the foundations open source.
Selective NVD enrichment: Why it matters
AI vulnerability reporting is overwhelming teams — and NIST. But for AppSec, scaling back analysis is cause for alarm.
How Mythos changes the AppSec calculus
Here are the facts on Claude Mythos — and why a layered application security framework is essential.
How agentic AI flips the trust model
As AppSec shifts focus from the components to data, your strategy needs updating. Are you on top of your trust debt?
MCP rug-pull attack worries mount
This new class of AI tool supply chain attack highlights how trust of agents can be exploited.
Can AppSec keep pace with AI coding?
AI lets software teams generate code at a rate faster than security can validate it. One way to win the race: more AI.