AppSec & Supply Chain Security

May 14, 2026

Shai-Hulud code drop: It’s open season for supply chain attacks

The malware's public release provides a blueprint for threat actors. Take action on supply chain security.

Read More about Shai-Hulud code drop: It’s open season for supply chain attacks

Shai-Hulud code drop: It’s open season for supply chain attacks

May 13, 2026

Think AI agents are risky? Your underlying stack is too

To manage agentic AI risk, organizations need to focus more on the infrastructure they run on.

Read More about Think AI agents are risky? Your underlying stack is too

Think AI agents are risky? Your underlying stack is too

May 12, 2026

Mini Shai-Hulud tears at OSS trust

New Team PCP compromises of foundational npm packages are rocking open source. 

Read More about Mini Shai-Hulud tears at OSS trust

Mini Shai-Hulud tears at OSS trust

May 7, 2026

Selective NVD enrichment: Why it matters

AI vulnerability reporting is overwhelming teams — and NIST. But for AppSec, scaling back analysis is cause for alarm.

Read More about Selective NVD enrichment: Why it matters

Selective NVD enrichment: Why it matters

May 5, 2026

How Mythos changes the AppSec calculus

Here are the facts on Claude Mythos — and why a layered application security framework is essential.

Read More about How Mythos changes the AppSec calculus

How Mythos changes the AppSec calculus

April 30, 2026

How agentic AI flips the trust model

As AppSec shifts focus from the components to data, your strategy needs updating. Are you on top of your trust debt?

Read More about How agentic AI flips the trust model

How agentic AI flips the trust model

April 29, 2026

MCP rug-pull attack worries mount

This new class of AI tool supply chain attack highlights how trust of agents can be exploited.

Read More about MCP rug-pull attack worries mount

MCP rug-pull attack worries mount

April 23, 2026

Can AppSec keep pace with AI coding?

AI lets software teams generate code at a rate faster than security can validate it. One way to win the race: more AI.

Read More about Can AppSec keep pace with AI coding?

Can AppSec keep pace with AI coding?

April 22, 2026

LLMmap puts its finger on ML attacks

Researchers show how LLM fingerprinting can be used to automate generation of customized attacks.

Read More about LLMmap puts its finger on ML attacks

LLMmap puts its finger on ML attacks

April 16, 2026

Vibeware: More than bad vibes for AppSec

Threat actors are leveraging the freewheeling vibe-coding trend to deliver malicious software at scale.

Read More about Vibeware: More than bad vibes for AppSec

Vibeware: More than bad vibes for AppSec

April 15, 2026

The CRA is coming: Are you ready?

Here's how the EU's Cyber Resilience Act will reshape the software industry — and how that accelerates advantages.

Read More about The CRA is coming: Are you ready?

The CRA is coming: Are you ready?

April 8, 2026

Claude Mythos: Get your AppSec game on

Anthropic's new AI is a 'step change' for exposing software flaws — but also ramps up exploits. Are you ready?

Read More about Claude Mythos: Get your AppSec game on

Claude Mythos: Get your AppSec game on

April 7, 2026

28 application security stats that matter

AI and open source are redefining the software threat landscape. Here are the key statistics you need to know.

Read More about 28 application security stats that matter

28 application security stats that matter

April 2, 2026

Axios: How AppSec teams should respond

Here's a mitigations checklist and best practices. Plus: How RL’s xBOM and Spectra Assure Community can help.

Read More about Axios: How AppSec teams should respond

Axios: How AppSec teams should respond

April 1, 2026

How JPMC tackles software ‘trust debt’

JPMorgan Chase CISO Patrick Opet discussed his letter on third-party software risk — and how that has played out.

Read More about How JPMC tackles software ‘trust debt’

How JPMC tackles software ‘trust debt’