news analysis: Npm ecosystem vulnerable to new manifest confusion attack
Package manifests in the npm registry are not validated against metadata files in the package itself, leaving the door open for attackers.
By Lucian Constantin | 29 Jun 2023 | 6 mins | DevSecOps, Vulnerabilities, Open Source

news analysis: Most popular generative AI projects on GitHub are the least secure
By Michael Hill | 28 Jun 2023 | 5 mins | Generative AI, Application Security, Open Source

feature: The CSO guide to top security conferences
By CSO Staff | 28 Jun 2023 | 22 mins | Technology Industry, IT Skills, Events

news analysis: Fileless attacks surge as cybercriminals evade cloud security defenses
By Michael Hill | 27 Jun 2023 | 5 mins | Cyberattacks, Supply Chain, Application Security

news: Baffle launches new user interface to simplify application data security
By Shweta Sharma | 21 Jun 2023 | 3 mins | Application Security, Data and Information Security, Security Software

news: Team Cymru launches threat-hunting tool aims to fast-forward analysis
By Samira Sarraf | 19 Jun 2023 | 2 mins | Threat and Vulnerability Management, Application Security, Data and Information Security

feature: 5 best practices to ensure the security of third-party APIs
By Linda Rosencrance | 15 Jun 2023 | 8 mins | Supply Chain

news analysis: Attackers set up rogue GitHub repos with malware posing as zero-day exploits
By Lucian Constantin | 14 Jun 2023 | 4 mins | DevSecOps, Cyberattacks, Application Security

news: Rezilion releases agentless runtime software vulnerability management solution
By Michael Hill | 14 Jun 2023 | 3 mins | Threat and Vulnerability Management, Supply Chain, Application Security

Articles

news: OpenSSF releases SLSA v1.0, adds software supply chain-specific tracks
SLSA v1.0 has been designed to make the software supply chain security framework more accessible and specific to areas of the software delivery lifecycle.
By Michael Hill | 19 Apr 2023 | 4 mins | DevSecOps, Supply Chain, Application Security

news: App cyberattacks jump 137%, with healthcare, manufacturing hit hard, Akamai says
Local file intrusions and broken object-level authorization top application and API-related threat vectors, respectively, according to Akamai customer survey.
By Jon Gold | 18 Apr 2023 | 3 mins | APIs, Application Security

feature: 19 startups to check out at RSA Conference 2023
Young vendors of identity and access management, application security, and third-party risk solutions dominate the list of startups exhibiting at RSA.
By Michael Nadeau | 18 Apr 2023 | 8 mins | Authentication, RSA Conference, DevSecOps

news: 7 countries unite to push for secure-by-design development
Agencies from across seven countries come together to create a guidance that aims to remove the burden of security from the technology buyer.
By Samira Sarraf | 17 Apr 2023 | 5 mins | DevSecOps, Internet of Things, Application Security

news analysis: Google launches dependency API and curated package repository with security metadata
With the two new services, Google aims to help minimize risk from malicious code in the software supply chain.
By Lucian Constantin | 12 Apr 2023 | 7 mins | DevSecOps, Google, Application Security

news: 3CX DesktopApp compromised by supply chain attack
3CX will be releasing an update for the DesktopApp in the next few hours; meanwhile, users are urged to use the PWA Client instead.
By Apurva Venkat | 30 Mar 2023 | 3 mins | Malware, VoIP, Application Security

news: Noname Security releases API security updates
The latest API security upgrades from Noname focus on expanded testing and discovery.
By Jon Gold | 29 Mar 2023 | 3 mins | DevSecOps, Application Security, APIs

news: Backslash AppSec solution targets toxic code flows, threat model automation
New cloud-native solution aims to address time-consuming, manual methods for discovering and mapping application code security risks.
By Michael Hill | 22 Mar 2023 | 4 mins | DevSecOps, Application Security

news: UK bans TikTok on government devices over data security fears
The UK has joined international partners in banning social media app TikTok from government electronic devices over concerns the Chinese-owned app could pose a security risk.
By Michael Hill | 16 Mar 2023 | 3 mins | Government, Application Security, Data and Information Security

news: GitHub begins 2FA rollout for code contributors
GitHub’s 2FA rollout seeks to enhance the security of developer accounts and protect the software supply chain.
By Michael Hill | 09 Mar 2023 | 3 mins | DevSecOps, Application Security

news analysis: Hard-coded secrets up 67% as secrets sprawl threatens software supply chain
2022 was a particularly leaky year in relation to secrets, GitGuardian’s latest State of Secrets Sprawl report finds.
By Michael Hill | 08 Mar 2023 | 5 mins | Application Security, Data and Information Security, Vulnerabilities

news analysis: Open letter demands OWASP overhaul, warns of mass project exodus
The viability of the Open Worldwide Application Security Project for the modern open-source software landscape has been called into question.
By Michael Hill | 06 Mar 2023 | 7 mins | CSO and CISO, Application Security

Resources

whitepaper: The shift to a security approach for the full application stack
This whitepaper discusses how technologists can optimize security for modern application stacks.
By WWT & AppDynamics | 05 May 2023 | Application Performance Management, Emerging Technology, IT Management

Video on demand

video: What's ahead for cybersecurity in 2019: TECH(talk)
J.M. Porup, senior writer at CSO online, joins Juliet on this week’s episode of TECH(talk) to discuss trends in ransomware, IoT security and enterprise cybersecurity roles.
Feb 01, 2019 | 25 mins | Ransomware, Technology Industry, Cyberattacks

6 security reasons to upgrade to Windows 10
Jul 25, 2018 | 1 mins | Application Security, Privacy, Windows

Don't ignore application security | Salted Hash Ep 35
23 Jul 2018 | 18 mins | Application Security, Vulnerabilities, Security

The difference between red team engagements and vulnerability assessments | Salted Hash Ep 34
03 Jul 2018 | 16 mins | Data Breach, Application Security, Cybercrime

Popular Articles

opinion: What is the dark web? How to access it and what you'll find
By Darren Guccione | 01 Jul 2021 | 11 mins | Data Breach, Technology Industry, Cybercrime