Application Security | News, how-tos, features, reviews, and videos
Organizations are remediating MOVEit vulnerabilities 21 times faster than other vulnerabilities, according to research by Bitsight.
Growing use of APIs gives attackers more ways to break authentication controls, exfiltrate data, or perform disruptive acts.
Open-source packages with large language model (LLM) capabilities have many dependencies that make calls to security-sensitive APIs, according to a new Endor Labs report.
With the added features, Enforce can now generate and ingest software bills of materials for container images, automate vulnerability scans and generate reports.
JFrog Curation vets and blocks infected open source or third-party packages before they enter development.
An OPSWAT study found that about three-fourths of organizations are pushing their security budgets over evolving applications with unsecured infrastructure.
Package manifests in the npm registry are not validated against metadata files in the package itself, leaving the door open for attackers.
Researchers use the OpenSSF Scorecard to measure the security of the 50 most popular generative AI large language model projects on GitHub.
Threat actors are concealing campaigns to evade detection and establish stronger footholds in compromised systems.
Baffle Manager 2.0 adds REST APIs, secrets store, certificate store, and SSO to fully automate data protection over SaaS workflows.