Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Zero-day vulnerabilities are the new normal in cybersecurity. In 2023 alone, more than 100 high-profile zero-day incidents were reported. Despite the early warning signs, major corporations and government agencies, from giants like Google and Cisco to the U.S. Government, continue to be blindsided by zero-day threats into 2025. In December 2024, for example, the U.S.

On April 16, 2025, the cybersecurity community faced a potential crisis as U.S. government funding for the Common Vulnerabilities and Exposures (CVE) program, managed by MITRE and sponsored by the Cybersecurity and Infrastructure Security Agency (CISA), was set to expire.

In 2025, AI is further transforming how software is built—accelerating code generation, testing, and deployment. But while it boosts speed and productivity, AI-driven development introduces new risks that developers and security teams can’t afford to ignore. To secure this next-gen development environment, organizations must understand the evolving threat landscape and adopt smarter, more integrated security strategies.

As software development accelerates, cyberattacks are also growing more sophisticated. The result? Traditional security methods are often rendered ineffective. With reactive strategies and stretched resources, application security (AppSec) teams are under increasing pressure to secure apps without sacrificing speed and innovation. Artificial intelligence (AI) has quickly become the frontrunner solution, automating labor-intensive tasks, improving accuracy, and enabling proactive security measures.

Hello from the Veracode Research blog! It’s been a minute since we’ve done a malware write-up, but we’re back and ready for action! And speaking of folks who are back and ready for action, the North Korean attackers behind the crypto wallet stealer campaign we wrote about in February of 2024 and again in May of 2024 are back at it with a new batch of malicious npm packages.

We are excited to announce the launch of Veracode Threat Research, a new initiative to counter software supply chain threats. Thanks to the acquisition of Phylum, Inc., we are now equipped with cutting-edge technology and a wealth of expertise to revolutionize how we secure the open-source ecosystem and protect your developers from novel attacks.