LLMmap puts its finger on ML attacks
Researchers show how LLM fingerprinting can be used to automate generation of customized attacks.
Featured
LLMmap puts its finger on ML attacks
QR Code Phishing Evolves: How to Keep Up
Here's what you need to know about the rise of quishing — and how your threat hunting team can get out in front of it.
Why RL Built Spectra Assure Community
We set out to help dev and AppSec teams secure the village: OSS dependencies, malware, more. Learn how.
Latest
LLMmap puts its finger on ML attacks
Researchers show how LLM fingerprinting can be used to automate generation of customized attacks.
QR Code Phishing Evolves: How to Keep Up
Here's what you need to know about the rise of quishing — and how your threat hunting team can get out in front of it.
Vibeware: More than bad vibes for AppSec
Threat actors are leveraging the freewheeling vibe-coding trend to deliver malicious software at scale.
The CRA is coming: Are you ready?
Here's how the EU's Cyber Resilience Act will reshape the software industry — and how that accelerates advantages.
Why RL Built Spectra Assure Community
We set out to help dev and AppSec teams secure the village: OSS dependencies, malware, more. Learn how.
Graphalgo fake recruiter campaign returns
An attack targeting crypto developers has been respawned — with an LLC and new techniques.
Claude Mythos: Get your AppSec game on
Anthropic's new AI is a 'step change' for exposing software flaws — but also ramps up exploits. Are you ready?
28 application security stats that matter
AI and open source are redefining the software threat landscape. Here are the key statistics you need to know.
Axios: How AppSec teams should respond
Here's a mitigations checklist and best practices. Plus: How RL’s xBOM and Spectra Assure Community can help.
ClickFix: YARA Rules Catch What AV Misses
Learn about the antivirus detection gap — and how to develop a simple YARA rule using Spectra Analyze.
How JPMC tackles software ‘trust debt’
JPMorgan Chase CISO Patrick Opet discussed his letter on third-party software risk — and how that has played out.
GenAI Security Project ramps up guidance
With AI ramping up risk, OWASP stepped up its project to help AppSec teams get up to speed — and take action.
AppSec as attacker: Inside Trivy–LiteLLM
The perimeter isn't your firewall — it's your CI/CD pipeline. Here’s what to know about TeamPCP's supply chain attack.
The TeamPCP supply chain attack evolves
The malicious campaign started with Trivy and Checkmarx and has shifted to LiteLLM — and now telnix. Here's how.
Decouple SIEM data to reshape your AppSec
Shift to a data security pipeline platform to get software visibility that modern supply chain threats demand.