Application Security | News, how-tos, features, reviews, and videos
New SSRF vulnerabilities highlight the weaknesses of using blacklisting techniques as a defense mechanism.
Shadow IT or careless configuration of container and artifact registries could give attackers access to sensitive data and inject malicious code.
With the two new services, Google aims to help minimize risk from malicious code in the software supply chain.
2022 was a particularly leaky year in relation to secrets, GitGuardian’s latest State of Secrets Sprawl report finds.
The viability of the Open Worldwide Application Security Project for the modern open-source software landscape has been called into question.
The Biden administration's National Cybersecurity Strategy calls for more regulation on critical infrastructure providers and holds software providers accountable for their insecure products.
The quickly fixed flaw could have allowed attackers to take over accounts in the CDE and perform remote code execution.
The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code.
Atlassian has issued fixed versions of the software and described a workaround to the flaw that could make access tokens available to attackers.
A rogue package on the machine learning framework allowed the attacker to exfiltrate data, including SSH keys.