Friday, June 12, 2026
Articles by Topic: Application Security
How Open Source CI Workflows Became the New Supply Chain Vulnerability
May 21, 2026
On April 24th, 2026, the Elementary Open Source Python CLI was released containing malicious code, injected by an attacker posting a crafted pull request (PR) comment. The GitHub Actions workflow interpolated the comment into a…
Open-Source Risk Accelerating Faster Than Governance
March 09, 2026
The latest Open Source Security and Risk Analysis (OSSRA) report issued by Black Duck reveals a sharp escalation in software supply chain risk. Driven by explosive dependency growth, duplicated components, and AI-generated code, open-source vulnerabilities…
As AI Rewrites Software Supply Chains, Security Fails to Keep Pace
December 30, 2025
AI-assisted coding has crossed the line from experimental to essential. According to new research from Black Duck, nearly every organization now relies on AI tools to generate software code. This creates a big problem! Security…
North Korea’s “Contagious Interview” Malware Floods npm With 200 New Packages
December 16, 2025
North Korea’s Contagious Interview operators have ramped up their campaign against software developers, pushing nearly 200 new malicious packages into the npm registry in the past month alone. According to research from Socket, the packages…
The Codex Trap: Silent Config File Hijacks Dev Workflows
December 11, 2025
A new investigation from Check Point Research exposes a quietly dangerous flaw in OpenAI Codex, which helps developers write, debug, and refactor code. This isn’t an exotic attack. It's a realistic, low-skill avenue for supply-chain…
GitLab’s AI Vulnerability Highlights the Dark Side of Prompt Injection
December 01, 2025
GitLab recently released new versions (18.5.2, 18.4.4, 18.3.6) of GitLab Community Edition (CE) and Enterprise Edition (EE) as an emergency patch for several new vulnerabilities. One of these vulnerabilities can enable attacks taking advantage of…
RCE Flaw in Python-SocketIO Exposes a Trusted Assumption
November 04, 2025
For years, Python has been the go-to language for developers who value speed and simplicity. Its clean syntax and massive ecosystem make it easy to get things done fast. The newly disclosed CVE-2025-61765 flaw in…
AI-Driven Development Fuels New Vulnerabilities
October 03, 2025
In the past several years, AI has gone through massive growth, rapidly expanding in capabilities, popularity, and reach. This has led to an explosion of AI-driven development and faster release cycles, but it has also…
New Vulnerability Exposes Developers to Silent Code Execution
September 26, 2025
Developers using the popular AI-powered code editor Cursor may be exposing themselves to silent attacks the moment they open a project. Oasis Security uncovered a critical vulnerability that, unlike the typical IDE flaws rooted in…
Why a Shared SBOM Vision Could Be the Key to Securing the Software Supply Chain
September 23, 2025
In an era of increasingly interconnected digital landscapes, the software supply chain is a crucial area to secure, affecting organizations across all sectors. Software supply chain attacks are on the rise among modern threats, and…
How a Self-Propagating npm Attack Is Hunting Developer Secrets
September 23, 2025
A developer runs a routine update, the kind that happens dozens of times a week. Nothing unusual flashes on the screen. But buried inside the new package is a hidden file called bundle.js. The moment…
UltraViolet Makes a Bet on Unified Offense-Defense for the AI Code Era
September 13, 2025
UltraViolet Cyber has acquired Black Duck’s Application Security Testing services business, a move that expands its portfolio and signals a shift in how software security will be delivered. The timing is notable: enterprises are churning…
Crypto-Stealing Code Slips Into NPM
September 12, 2025
Josh Junon, a software developer and maintainer, revealed on social media this week that his account had been compromised and 18 of his popular JavaScript packages tampered with. The malicious updates injected code designed to…
Snyk Acquires Invariant Labs to Defend Agentic AI Systems
July 17, 2025
Snyk has acquired Invariant Labs, an AI security research firm specializing in agentic systems, in a move to secure the next generation of intelligent software. Large language models (LLMs) and agentic AI architectures are rapidly…
Outlook Crash Sparks Debate Over VDI Reliability and Hidden Security Risks
July 14, 2025
A recent issue with Microsoft’s Outlook email platform has caused the client to crash when users are composing or opening emails. The issue can impact users across all Microsoft 365 Office channels, with users who…
Why Memory-Safe Languages Are Now a National Security Priority
July 07, 2025
The United States Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) recently published a joint guide, “The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take…
Salesforce Industry Cloud Vulnerabilities Highlight Hidden Dangers of Low-Code Platforms
June 24, 2025
Low-code platforms like Salesforce’s Industry Cloud promise to speed up digital transformation by making it easier for organizations to build and deploy apps. With tools like OmniStudio, employees can quickly create workflows and interfaces tailored…
Zero-Day Suspected in SAP NetWeaver Attacks
May 13, 2025
A newly uncovered attack is targeting SAP NetWeaver systems. According to researchers at ReliaQuest, threat actors are exploiting what appears to be a previously unknown vulnerability to quietly drop lightweight JSP web shells onto fully…