Technical - Application Security
Eyal Estrin
12:23 PM
Study Reveals the U.S. is the No. 1 Offender of Anonymous Open-Source Contributions
https://www.businesswire.com/news/home/20241202090813/en/Study-Reveals-the-US-is-the-No.-1-Offender-
Eyal Estrin
12:23 PM
Bridging the Gap: Elevating Red Team Assessments with Application Security Testing
https://cloud.google.com/blog/topics/threat-intelligence/red-team-application-security-testing Eyal
Eyal Estrin
Dec 11
BadRAM: $10 security flaw in AMD could allow hackers to access cloud computing secrets
https://therecord.media/amd-security-flaw-badram https://www.birmingham.ac.uk/news/2024/flaw-in-
Eyal Estrin
Dec 10
Preventing data leakage in low-code/no-code environments
https://www.helpnetsecurity.com/2024/12/10/lcnc-platforms/ Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE
Eyal Estrin
Dec 6
Backdoor slipped into popular code library, drains ~$155k from digital wallets
https://arstechnica.com/information-technology/2024/12/backdoor-slips-into-popular-code-library-
Eyal Estrin
Dec 6
ASD’s ACSC, CISA, and US and International Partners Release Guidance on Choosing Secure and Verifiable Technologies
https://www.cisa.gov/news-events/alerts/2024/12/05/asds-acsc-cisa-and-us-and-international-partners-
Eyal Estrin
Dec 5
2024 Open Source Security Report: Slowing Progress and New Challenges for DevSecOps
https://snyk.io/blog/2024-open-source-security-report-slowing-progress-and-new-challenges-for/ Eyal
Eyal Estrin
Dec 5
Cloudflare’s pages.dev and workers.dev Domains Increasingly Abused for Phishing
https://www.fortra.com/blog/cloudflare-pages-workers-domains-increasingly-abused-for-phishing Eyal
Eyal Estrin
Dec 5
Census III of Free and Open Source Software
https://www.linuxfoundation.org/hubfs/LF%20Research/lfr_censusiii_120424a.pdf Eyal Estrin CISSP, CCSP
Eyal Estrin
Nov 30
Malicious PyPI crypto pay package aiocpa implants infostealer code
https://www.reversinglabs.com/blog/malicious-pypi-crypto-pay-package-aiocpa-implants-infostealer-code
Eyal Estrin
Nov 28
Dozens of Machines Infected: Year-Long NPM Supply Chain Attack Combines Crypto Mining and Data Theft
https://checkmarx.com/blog/dozens-of-machines-infected-year-long-npm-supply-chain-attack-combines-
Eyal Estrin
Nov 27
Security pros see potential in AI-augmented fixes for security flaws
https://blog.451alliance.com/security-pros-see-potential-in-ai-augmented-fixes-for-security-flaws/
Eyal Estrin
Nov 27
There are only two sources of security issues: software bugs and configuration mistakes
https://ventureinsecurity.net/p/there-are-only-two-sources-of-security Eyal Estrin CISSP, CCSP, CISM,
Eyal Estrin
Nov 23
Forti-fied? Logging blind spot revealed in FortiClient VPN
https://pentera.io/blog/FortiClient-VPN_logging-blind-spot-revealed/ Eyal Estrin CISSP, CCSP, CISM,
Eyal Estrin
Nov 22
Leveling Up Fuzzing: Finding more vulnerabilities with AI
https://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html Eyal Estrin CISSP, CCSP
Eyal Estrin
Nov 22
Legit Security Releases Survey Report on GenAI in Software Development, Revealing Pervasive Security Challenges Despite High Rate of Adoption
https://www.legitsecurity.com/press-releases/legit-releases-survey-on-genai-in-software-development
Eyal Estrin
Nov 22
In-Depth Security in Your Frontend Applications
https://medium.com/insiderengineering/in-depth-security-in-your-frontend-applications-6297c25d1f9c
Eyal Estrin
Nov 20
2024 CWE Top 25 Most Dangerous Software Weaknesses
https://www.cisa.gov/news-events/alerts/2024/11/20/2024-cwe-top-25-most-dangerous-software-weaknesses
Eyal Estrin
Nov 20
Threat Actors Hijack Misconfigured Servers for Live Sports Streaming
https://www.aquasec.com/blog/threat-actors-hijack-misconfigured-servers-for-live-sports-streaming/
Eyal Estrin
Nov 16
This pregnancy app has a huge security flaw that it does not want to fix
https://www.neowin.net/news/this-pregnancy-app-has-a-huge-security-flaw-that-it-does-not-want-to-fix/
Eyal Estrin
Nov 16
Startup’s “AI” tool spams GitHub repositories with bogus commits, without consent
https://www.osnews.com/story/141134/startups-ai-tool-spams-github-repositories-with-bogus-commits-
Eyal Estrin
Nov 16
4,000,000 WordPress Sites Using Really Simple Security Free and Pro Versions Affected by Critical Authentication Bypass Vulnerability
https://www.wordfence.com/blog/2024/11/really-simple-security-vulnerability/ Eyal Estrin CISSP, CCSP,
Eyal Estrin
Nov 16
Varonis Discovers New Vulnerability in PostgreSQL PL/Perl
https://www.varonis.com/blog/cve-postgresql-pl/perl https://www.postgresql.org/support/security/CVE-
Eyal Estrin
Nov 16
macOS Security Compromised: Novel Exploit Bypasses Sandbox Protections
https://github.com/jhftss/jhftss.github.io/blob/main/res/slides/A%20New%20Era%20of%20macOS%20Sandbox%
Eyal Estrin
Nov 13
CISA Secure by Design Pledge
https://www.cisa.gov/sites/default/files/2024-05/CISA%20Secure%20by%20Design%20Pledge_508c.pdf Eyal
Eyal Estrin
Nov 12
GitHub Enterprise SAML Authentication Bypass (CVE-2024-4985 / CVE-2024-9487)
https://projectdiscovery.io/blog/github-enterprise-saml-authentication-bypass Eyal Estrin CISSP, CCSP
Eyal Estrin
Nov 12
CISA, FBI, NSA, and International Partners - 2023 Top Routinely Exploited Vulnerabilities (AA24-317A)
https://www.cisa.gov/sites/default/files/2024-11/aa24-317a-2023-top-routinely-exploited-
Eyal Estrin
Nov 10
Malicious Python Package Typosquats Popular 'fabric' SSH Library, Exfiltrates AWS Credentials
https://socket.dev/blog/malicious-python-package-typosquats-fabric-ssh-library Eyal Estrin CISSP,
Eyal Estrin
Nov 7
BlueVoyant Research Shows UK Companies Struggle to Prioritize and Reduce Supply Chain Cyber Security Risks
https://www.bluevoyant.com/press-releases/uk-companies-struggle-to-reduce-supply-chain-cyber-security
Eyal Estrin
Nov 7
Four Steps to Balance Agility and Security in DevSecOps
https://devops.com/four-steps-to-balance-agility-and-security-in-devsecops/ Eyal Estrin CISSP, CCSP,