Our threat research team recently uncovered new npm packages that are used to download a new info-stealer variant that uses the popular Electron framework to disguise itself as a legitimate application. In this blog post, we’ll analyze the attack flow of this new info-stealer we detected and explain how it can stay undetected by abusing trusted development tools like Electron.

As modern software becomes increasingly cloud-based and containerized, application security tools must adapt to meet new challenges and provide security coverage across the software development lifecycle (SDLC). The use of container platforms like Docker and orchestration tools like Kubernetes inherently solves some security concerns – but containers are not without risk, and can even inject some new risks into your organization’s software.

Static application security testing (SAST) is a crucial component of any software and application security strategy, and as such, a SAST tool should form a valuable part of your security stack. But when you’re choosing which SAST tool to buy and implement, what are the key factors you should consider?

Brandjacking refers to the malicious act of using a brand’s identity to deceive or defraud customers. It usually involves impersonating a reputable brand to gain unauthorized access to sensitive information or exploit the trust associated with the brand. Attackers often leverage the reputation of well-known brands using social engineering techniques, phishing emails, fake websites, and malicious packages in open source repositories.

Typosquatting represents a significant threat to cybersecurity. But what exactly is it? How does it work? What threats does it pose to your cybersecurity? How can you prevent these threats and how can you deploy application security against them?

This is the third part of a blog series on AI-powered application security. Following the first two parts that presented concerns associated with AI technology, this part covers suggested approaches to cope with AI concerns and challenges. In my previous blog posts, I presented major implications of AI use on application security, and examined why a new approach to application security may be required to cope with these challenges.

Software vulnerability patching plays a critical role in safeguarding your code base, software, applications, computer systems, and networks against potential threats, and ensuring they’re compliant, and optimized for efficiency. Organizations’ codebases have become increasingly complex, involving sophisticated relationships between components and their dependencies.

AI-related security risk manifests itself in more than one way. It can, for example, result from the usage of an AI-powered security solution that is based on an AI model that is either lacking in some way, or was deliberately compromised by a malicious actor. It can also result from usage of AI technology by a malicious actor to facilitate creation and exploitation of vulnerabilities.

Software and applications make the world go round. This naturally makes them a top attack target for threat actors, and highlights the importance of robust software supply chain compliance. But how do companies build and implement a compliance strategy that solves the challenges of modern application security? Let’s take a look.