Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Beyond Speed: Why Free AppSec Testing Tools Cost You More

The expectation for fast and free solutions dominates both personal and professional environments. From streaming platforms to software tools, convenience and zero-cost access often drive decision-making. While this approach may seem efficient on the surface, it raises critical questions about the hidden costs and overlooked trade-offs.

The New AppSec Reality: AI Anxiety, Silent Flaws, and Supply Chains

We recently published a series of polls across our social channels to get a pulse on some of today’s application security concerns with AI. These recent conversations with our community reveal a clear and urgent shift in the application security landscape. Results show that while established challenges like software supply chain security remain top of mind, the rapid pace of AI has created a new center of gravity for anxiety.

Mastering ASPM: Unifying Your Application Security Strategy

Application security is becoming increasingly fragmented. Development and security teams use a wide array of tools for testing, protection, and supply chain security. While each tool serves a purpose, they often operate in silos. This fragmentation creates a disconnected view of an organization’s security posture, making it difficult to prioritize and remediate risk effectively.

Beyond the Basics: Advanced Features in Application Security Testing Software

The landscape of application development is moving faster than ever, driven by AI and cloud-native technologies. While this rapid innovation creates opportunity, it also expands the attack surface, making robust security non-negotiable. As a security leader, you understand that effective application security testing software is the foundation of a strong defense. But in the face of escalating threats, are the basic tools still enough?

UK Cyber Security Bill: A Mandate for Resilience

The UK government has introduced its Cyber Security and Resilience Bill to parliament, signaling a significant update to the nation’s cybersecurity framework. The legislation aims to modernize and strengthen the existing Network and Information Systems (NIS) Regulations 2018, preparing the UK to defend against a new generation of digital threats. This bill is more than a regulatory update; it is a clear call for businesses to embed proactive security and resilience into their core operations.

GPT5 Pulls Ahead on Secure Code While Rivals Stall

AI coding assistants are evolving quickly. But are the latest models any better at writing secure code? Our October 2025 analysis brings fresh data on how newer large language models (LLMs) stack up against their predecessors, and the results reveal both progress and persistent gaps. This update builds on our July 2025 GenAI Code Security Report, which tested over 100 LLMs across four major programming languages.

Beyond Your Code: A Guide to Software Supply Chain Risk Management

The code your team writes is only a fraction of what ends up in your final product. For many teams, the majority is open-source code from third-party packages. This reliance on external dependencies creates a complex software supply chain, and each link in that chain is a potential entry point for attackers.

Malicious NPM Package Found Targeting GitHub By Typosquatting on GitHub Action Packages

The package states it is for the GitHub Actions Toolkit, which has a legitimate npm package @actions/artifact. This malware package is therefore a clear typosquat, swapping the letters “ti” for “it”. We took a look at the “harness” binary as indicated in version 4.0.13.