Browsing Category
Application Security
21 posts
News, research, and expert insight on Application Security (AppSec), from secure coding and API protection to software supply chain defense.
Cisco Confirms Third SD-WAN Manager Zero-Day of 2026
Cisco warns of a high-severity flaw in its SD-WAN Manager, enabling attackers with netadmin access to gain root control.
Creative Soundbar Hack Hits a Bad Note
Turn it up to pwned. No authentication, no pairing, no physical access — just a custom firmware pushed over Bluetooth and a Katana V2X that now spies, types, and won't easily forget how.
Critical Adobe Acrobat Flaw Exploited: What You Need to Know
Exodus Intelligence published a full exploit chain for an Acrobat Reader memory flaw, showing how a malicious PDF could bypass several Windows defenses on 32-bit systems.
Sonatype: Open Source Malware Has Moved Beyond Typosquatting
Sonatype's report reveals that attackers craft misleading open-source packages that exploit familiarity to access developer data, underscoring the need for cautious dependency management.
‘Malware-Slop’ npm Package Targets Claude AI User Files
OX Security said a malicious npm package tried to steal files from Claude user workspaces and upload them to GitHub.
Innovating Beyond the Security Bottleneck
Replica Cyber CEO Kris Schroeder says security teams need a safer way to support high-risk work as businesses turn to exceptions, workarounds and isolated environments to keep innovation moving.
Attackers Turned Trusted Developer Updates Into a Credential Trap
A supply-chain campaign hit trusted developer tools and package registries, exposing how quickly poisoned updates can steal cloud, code and CI/CD credentials.
The App You Forgot About Is Still Reading Your Email
AI agents are multiplying your OAuth footprint. A forgotten "Allow" click is all it takes. Here's what's at risk — and how to check your own exposure right now.
Critical AI Red-Team Scanner Flaw Revives an Old Security Lesson
The new AI security stack is still software — often privileged software handling credentials, API keys, model endpoints and tenant data.
The OAuth Access was Approved. But the AI Agent Chaos was Not
As AI agents move across email, calendars, Slack and business apps, OAuth’s old bargain—limited access without passwords—is being stress-tested by autonomous workflows few companies can fully see.