Dependency attack takes down ed-tech platform at scale
The Canvas LMS supply chain compromise — which hit during finals week — shows the impact of cascading attacks.
AppSec & Supply Chain Security
Dependency attack takes down ed-tech platform at scale
GitHub breach: The development ecosystem is in the hot seat
This TeamPCP attack is a serious wakeup call about software supply chain security — and the problems with implicit trust.
AI agents are the new insider threat
AI security leader and author Steve Wilson explains why you need to rethink security — and treat AI agents as digital workers.
Shai-Hulud code drop: It’s open season for attacks
The npm malware's public release provides a ready-made blueprint for threat actors. Take action on supply chain security.
Think AI agents are risky? Your underlying stack is too
To manage agentic AI risk, organizations need to focus more on the infrastructure they run on.
Mini Shai-Hulud tears at OSS trust
This latest compromises of popular and infrastructure-level npm packages are rocking the foundations open source.
Selective NVD enrichment: Why it matters
AI vulnerability reporting is overwhelming teams — and NIST. But for AppSec, scaling back analysis is cause for alarm.
How Mythos changes the AppSec calculus
Here are the facts on Claude Mythos — and why a layered application security framework is essential.
How agentic AI flips the trust model
As AppSec shifts focus from the components to data, your strategy needs updating. Are you on top of your trust debt?
MCP rug-pull attack worries mount
This new class of AI tool supply chain attack highlights how trust of agents can be exploited.
Can AppSec keep pace with AI coding?
AI lets software teams generate code at a rate faster than security can validate it. One way to win the race: more AI.
LLMmap puts its finger on ML attacks
Researchers show how LLM fingerprinting can be used to automate generation of customized attacks.
Vibeware: More than bad vibes for AppSec
Threat actors are leveraging the freewheeling vibe-coding trend to deliver malicious software at scale.
The CRA is coming: Are you ready?
Here's how the EU's Cyber Resilience Act will reshape the software industry — and how that accelerates advantages.
Claude Mythos: Get your AppSec game on
Anthropic's new AI is a 'step change' for exposing software flaws — but also ramps up exploits. Are you ready?