Application Security | News, how-tos, features, reviews, and videos
The company also releases advisories for high-severity data leaks and denial-of-service issues across multiple products, including Jira and Confluence.
For the first time, attackers are exploiting a known security risk in a popular MSBuild feature to place hard-to-detect malicious files in the .NET repository.
GitGuardian's new free service lets organizations check for exposed secrets from a database of 20 million records.
The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks.
Package manifests in the npm registry are not validated against metadata files in the package itself, leaving the door open for attackers.
Researchers use the OpenSSF Scorecard to measure the security of the 50 most popular generative AI large language model projects on GitHub.
Threat actors are concealing campaigns to evade detection and establish stronger footholds in compromised systems.
The threat actor created fake personas on Twitter for researchers at a non-existent security firm.
Newly discovered campaign takes advantage of the fact that most vulnerability scanning tools don't read compiled open-source software.
The malicious packages have been downloaded hundreds of times, but the long-term impact is unknown.