
The latest News and Information on Application Security including monitoring, testing, and open source.

Securing AI Isn't Just About Your Pipeline #AIsecurity #DevSecOps #AppSec #redteaming

Building AI apps securely is not just about plugging tools into your dev pipeline. It’s about knowing what to do with those tools after they give you results. What risks matter? What policies should you apply? And when is the right time to integrate AI security into your CI/CD? Bar-El Tayouri sits down with Ashish Rajan from The Cloud Security Podcast to discuss why red teaming and scanning aren’t enough and how getting comfortable with AI security before production pays off long-term.

XRP supply chain attack: Official NPM package infected with crypto stealing backdoor

On 21 Apr, 20:53 GMT+0, our system, Aikido Intel, started to alert us to five new package versions of the xrpl package. It is the official SDK for the XRP Ledger, with more than 140.000 weekly downloads. We quickly confirmed the official XRPL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.

Introducing a new Application Security experience

Welcome to Cloudflare Security Week 2025! During this year's Security Week, we are boosting security with AI-driven insights, better threat detection, and stronger protections against emerging risks. Our aim is to empower customers with more intuitive and user-friendly solutions to protect their data and applications in an increasingly complex environment. In this episode, tune in for a conversation with Cloudflare's Jessica Tarasoff, Product Design Lead, and Pete Thomas, Senior Manager, Product Design.

Mobile App Security Audit Checklist

New cyber threats emerge daily, demanding constant attention. Security isn't something you do once and forget about! According to IBM, the average cost of a data breach in 2024 was $4.88 million, a 10% increase from the previous year. That’s why it's crucial to integrate regular mobile app security audits into your strategy. Think of it as a health check-up for your app – catching problems before they become nightmares.

The malware dating guide: Understanding the types of malware on NPM

The Node ecosystem is built on a foundation of trust — trust that the packages you npm install are doing what they say they do. But that trust is often misplaced. Over the past year, we’ve seen a disturbing trend: a rising number of malicious packages published to npm, often hiding in plain sight. Some are crude proof-of-concepts (PoCs) by researchers, others are carefully crafted backdoors.

Cybersecurity Modernization Summit: Moving From Reactive Threat Detection and Response to Proactive

Join Jake Williams, SVP of Modernization at Scoop News Group, and Datadog VP Bianca Lankford for a conversation about how real-time threat detection paired with rich observability insights is helping organizations achieve faster security outcomes. This conversation will also address the role auto-remediation plays in the future of government cybersecurity.

AI and AppSec: A Partnership to Prevent Breaches

As software development accelerates, cyberattacks are also growing more sophisticated. The result? Traditional security methods are often rendered ineffective. With reactive strategies and stretched resources, application security (AppSec) teams are under increasing pressure to secure apps without sacrificing speed and innovation. Artificial intelligence (AI) has quickly become the frontrunner solution, automating labor-intensive tasks, improving accuracy, and enabling proactive security measures.

Hide and Fail: Obfuscated Malware, Empty Payloads, and npm Shenanigans

On March 14th 2025, we detected a malicious package on npm called node-facebook-messenger-api. At first, it seemed to be pretty run-of-the-mill malware, though we couldn’t tell what the end-goal was. We didn’t think much more of it until April 3rd 2025, when we saw the same threat actor expand their attack.