Fake install logs in npm packages load RAT
The final-stage malware in the Ghost campaign is a RAT designed to steal crypto wallets and sensitive data.
Featured
Fake install logs in npm packages load RAT
TeamPCP supply chain attack spreads
The compromise of Checkmarx Open VSX plugins on npm has now spread to PyPI and LiteLLM.
OpenClaw lesson: AI agents are a black hole
AI agents create novel attack surfaces and control issues that require rethinking assumptions — and AppSec tooling.
Latest
TeamPCP supply chain attack spreads
The compromise of Checkmarx Open VSX plugins on npm has now spread to PyPI and LiteLLM.
Fake install logs in npm packages load RAT
The final-stage malware in the Ghost campaign is a RAT designed to steal crypto wallets and sensitive data.
Crypto group ushers in post-quantum security
Here’s a look at the Ethereum Foundation’s new PQC security effort — and why you need to modernize your SecOps.
OpenClaw lesson: AI agents are a black hole
AI agents create novel attack surfaces and control issues that require rethinking assumptions — and AppSec tooling.
How to Examine Polyglot Files with Spectra Analyze
Here's how to assess a sample using Spectra Analyze in your environment — and create a YARA rule.
Make Your SBOMs Actionable with PURLs
Learn how Package URLs improve vulnerability matching, which reduces alert fatigue and simplifies compliance.
OWASP adopts DockSec: Why it matters
OWASP has adopted the container security tool to slow information overload. Here’s what you need to know.
OpenClaw and AI risk: 3 AppSec lessons
The OpenClaw saga is a case study on the threat from agentic AI, showing how it increases software risk.
Claude Code Security: The pros and cons
The new tool is a step forward on AI coding risk — but it trips on modern threats because it looks only at source code.
AI-native AppSec: What it is — and why it matters
AI coding is a game-changer — and requires AI-powered application security to fight fire with fire.
BSIMM16 confirms: AI redefines AppSec
AI coding is the new reality — and it will further destabilize software supply chain security. So step up your AppSec.
Inside the NuGet hackers' toolset
RL discovered two packages containing scripts that complete a typosquatting toolchain. Here's how it worked.
Malicious NuGet package targets Stripe
Threat actors targeted developers with a bogus package — a shift away from the recent crypto development hack focus.
How AI agents upend supply chain security
Here’s what you need to know about their impact on software security — and what you can do to fight back.
Cybercrime-as-a-service forces a security rethink
With AI-powered tools readily available, sophisticated attacks no longer require sophisticated attackers.