%term

The latest News and Information on Application Security including monitoring, testing, and open source.

Flutter App Security Testing: Why most tools fail and what actually works

Apr 2, 2026 By Abhinav Vasisth In Appknox

Most mobile security workflows end in a familiar way. A scan runs, a report is generated, and the output looks reassuring. There are no critical issues, maybe a few medium findings, nothing that blocks a release. The process completes, the team moves forward, and the app ships. At that moment, the assumption is clear. The app has been tested. The risk is understood. But there is a question that rarely gets asked, and it changes the entire conversation.

Read Post

Appknox

Read more about Flutter App Security Testing: Why most tools fail and what actually works

Cybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 in Global VM & AppSec

Apr 1, 2026 By TAC Security

TAC Infosec, a global leader in cybersecurity (NSE: TAC), with presence across 100+ countries, announced a historic milestone by crossing 10,000 clients - 6,500+ of TAC Security and 3,500+ of CyberScope, since April 2024, delivering on its commitment to shareholders to achieve this by 2026.

Read Post

Read more about Cybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 in Global VM & AppSec

Observability and Security for the AI Era

Mar 27, 2026 By Datadog In Datadog

Datadog has always been driven by a broader vision of helping teams understand and operate complex systems. In this session, you’ll hear from Yrieix Garnier, VP of Product, and Hugo Kaczmarek, Senior Director of Product, as they share the latest updates across the Datadog product suite and discuss how that vision continues to shape the platform’s evolution and support the next generation of AI-driven applications.

View Video

Datadog

Read more about Observability and Security for the AI Era

Prioritize, Protect, Prove: A Roadmap for Application Security Transformation

Mar 26, 2026 By Natalie Tischler In Veracode

The pace of software flaw creation is officially outpacing remediation capacity. Right now, 82% of organizations carry security debt. Traditional security methods simply cannot keep up with modern development speeds. As engineering teams ship code faster than ever, vulnerability backlogs grow, compounding challenges and leaving organizations exposed to threats. Data from the 2026 State of Software Security Report reveals a 36% relative increase in high-risk vulnerabilities.

Read Post

Veracode

Read more about Prioritize, Protect, Prove: A Roadmap for Application Security Transformation

Understanding Malicious Packages in Modern Software Supply Chains

Mar 26, 2026 By Mend In Mend

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

View Video

Mend

Read more about Understanding Malicious Packages in Modern Software Supply Chains

BewAIre: Detecting Malicious Pull Requests at Scale with LLMs

Mar 23, 2026 By Datadog In Datadog

As AI coding assistants accelerate software development, the volume of pull requests at Datadog has grown to nearly 10,000 per week, increasing the risk that malicious changes slip through due to review fatigue. To address this, Datadog built BewAIre, an LLM-powered code review system designed to identify malicious source code changes introduced by threat actors. By reducing approval fatigue for developers while increasing friction for attackers, BewAIre guides human reviewers to the areas where judgment matters most, without slowing developer velocity.

View Video

Datadog

Read more about BewAIre: Detecting Malicious Pull Requests at Scale with LLMs

The Next Era of AppSec: Why AI-Generated Code Needs Offensive Dynamic Testing

Mar 20, 2026 By Nuno Loureiro In Snyk

My colleague Manoj Nair recently wrote about the growing gap between what AI builds and what security teams actually test. He made the case that the speed of AI-driven development has fundamentally outpaced validation, and that the response can't be to slow down, but to change what testing means. I agree with every word.

Read Post

Snyk

Read more about The Next Era of AppSec: Why AI-Generated Code Needs Offensive Dynamic Testing

Boost Security Launches Developer Endpoint Security to Secure AI-Driven Software Development at the Source

Mar 19, 2026 By Boost Security

New platform protects developer machines, coding agents, and AI-generated code before it reaches the repository.

Read Post

Read more about Boost Security Launches Developer Endpoint Security to Secure AI-Driven Software Development at the Source

Secure Your Future with a Compliance-First AppSec Posture

Mar 19, 2026 By Donna Namorato In Veracode

If you treat compliance as a final hurdle before deployment, you are already behind. For years, organizations have viewed regulatory compliance as a box to check—a necessary evil that slows down development and frustrates engineering teams. The standard approach involves scrambling before an audit, manually aggregating data from spreadsheets, and patching vulnerabilities at the last possible minute.

Read Post

Veracode

Read more about Secure Your Future with a Compliance-First AppSec Posture

fast-draft Open VSX Extension Compromised by BlokTrooper

Mar 18, 2026 By Raphael Silva In Aikido

The KhangNghiem/fast-draft extension, listed on open-vsx.org/extension/KhangNghiem/fast-draft and now sitting above 26,000 downloads, had multiple malicious releases that execute a GitHub-hosted downloader and pull a second-stage RAT and infostealer from the BlokTrooper/extension repository. The confirmed malicious releases in the version line we inspected are 0.10.89, 0.10.105, 0.10.106, and 0.10.112.

Read Post