Tuesday, December 16, 2025
Articles by Topic:
Application Security
The Codex Trap: Silent Config File Hijacks Dev Workflows
December 11, 2025
A new investigation from Check Point Research exposes a quietly dangerous flaw in OpenAI Codex, which helps developers write, debug, and refactor code. This isn’t an exotic attack. It's a realistic, low-skill avenue for supply-chain…
GitLab’s AI Vulnerability Highlights the Dark Side of Prompt Injection
December 01, 2025
GitLab recently released new versions (18.5.2, 18.4.4, 18.3.6) of GitLab Community Edition (CE) and Enterprise Edition (EE) as an emergency patch for several new vulnerabilities. One of these vulnerabilities can enable attacks taking advantage of…
RCE Flaw in Python-SocketIO Exposes a Trusted Assumption
November 04, 2025
For years, Python has been the go-to language for developers who value speed and simplicity. Its clean syntax and massive ecosystem make it easy to get things done fast. The newly disclosed CVE-2025-61765 flaw in…
AI-Driven Development Fuels New Vulnerabilities
October 03, 2025
In the past several years, AI has gone through massive growth, rapidly expanding in capabilities, popularity, and reach. This has led to an explosion of AI-driven development and faster release cycles, but it has also…
New Vulnerability Exposes Developers to Silent Code Execution
September 26, 2025
Developers using the popular AI-powered code editor Cursor may be exposing themselves to silent attacks the moment they open a project. Oasis Security uncovered a critical vulnerability that, unlike the typical IDE flaws rooted in…
Why a Shared SBOM Vision Could Be the Key to Securing the Software Supply Chain
September 23, 2025
In an era of increasingly interconnected digital landscapes, the software supply chain is a crucial area to secure, affecting organizations across all sectors. Software supply chain attacks are on the rise among modern threats, and…
How a Self-Propagating npm Attack Is Hunting Developer Secrets
September 23, 2025
A developer runs a routine update, the kind that happens dozens of times a week. Nothing unusual flashes on the screen. But buried inside the new package is a hidden file called bundle.js. The moment…
UltraViolet Makes a Bet on Unified Offense-Defense for the AI Code Era
September 13, 2025
UltraViolet Cyber has acquired Black Duck’s Application Security Testing services business, a move that expands its portfolio and signals a shift in how software security will be delivered. The timing is notable: enterprises are churning…
Crypto-Stealing Code Slips Into NPM
September 12, 2025
Josh Junon, a software developer and maintainer, revealed on social media this week that his account had been compromised and 18 of his popular JavaScript packages tampered with. The malicious updates injected code designed to…
Snyk Acquires Invariant Labs to Defend Agentic AI Systems
July 17, 2025
Snyk has acquired Invariant Labs, an AI security research firm specializing in agentic systems, in a move to secure the next generation of intelligent software. Large language models (LLMs) and agentic AI architectures are rapidly…
Outlook Crash Sparks Debate Over VDI Reliability and Hidden Security Risks
July 14, 2025
A recent issue with Microsoft’s Outlook email platform has caused the client to crash when users are composing or opening emails. The issue can impact users across all Microsoft 365 Office channels, with users who…
Why Memory-Safe Languages Are Now a National Security Priority
July 07, 2025
The United States Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) recently published a joint guide, “The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take…
Salesforce Industry Cloud Vulnerabilities Highlight Hidden Dangers of Low-Code Platforms
June 24, 2025
Low-code platforms like Salesforce’s Industry Cloud promise to speed up digital transformation by making it easier for organizations to build and deploy apps. With tools like OmniStudio, employees can quickly create workflows and interfaces tailored…
Zero-Day Suspected in SAP NetWeaver Attacks
May 13, 2025
A newly uncovered attack is targeting SAP NetWeaver systems. According to researchers at ReliaQuest, threat actors are exploiting what appears to be a previously unknown vulnerability to quietly drop lightweight JSP web shells onto fully…
What Microsoft’s 2024 Vulnerability Data Reveals About Cybersecurity Priorities
May 07, 2025
Findings from BeyondTrust’s recently released 12th annual Microsoft Vulnerabilities Report reveal a complex and evolving threat landscape. As evidence, consider that in 2024, Microsoft reported the highest number of vulnerabilities it has ever had (1,360).…
Why 95% of Security Warnings Are Noise
May 06, 2025
Modern application security (AppSec) suffers from a number of issues, one of the main ones being alert fatigue. Human teams do not have the time or resources to verify and investigate every security alert, especially…
Unpatched Erlang SSH Vulnerability Opens Door to Full System Takeover
May 02, 2025
Erlang/OTP plays a major role in telecom and distributed systems, enabling easy creation of concurrent, fault-tolerant, and robust systems. Erlang/OTP SSH is the most popular protocol for remote access management, and its compromise represents a…
XCSSET: A New Variant That Targets Developers
March 28, 2025
Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a highly sophisticated modular macOS malware variant that injects malicious code into Xcode projects. Xcode is Apple’s integrated development environment (IDE) for macOS, which developers…
Webinars
Tuesday, Dec. 16
1pm ET / 10am PT
The End of Legacy SAST & the Rise of Developer-First AppSec
Tuesday, Dec. 16
1pm ET / 10am PT
Threat Actors Unveiled: Abusing AI: How Adversaries Code, Campaign, and Collaborate with AI
Tuesday, Dec. 16
1pm ET / 10am PT
Closing the Gap: Understanding the True State of Ransomware Readiness