DevSecOps
‘PackageGate’ Vulnerabilities Can Let Attackers Bypass Shai-Hulud Defenses
In the wake of the massive Shai-Hulud supply chain attack that ripped through npm late last year, compromising more than 700 packages and exposing 25,000 repositories, developers in the JavaScript world ...
Software Supply Chain Threats Are on the OWASP Top Ten—Yet Nothing Will Change Unless We Do
Software supply chain security is steadily moving to the forefront of cybersecurity conversations. In the past, it has been overshadowed by a focus on malware outbreaks, ransomware, endpoint protection, and application vulnerabilities ...
N. Korea Contagious Interview Campaign Turns to VS Code to Deliver Backdoor
Jamf security researchers said state-sponsored espionage actors are using malicious VS Code projects to steal information ...
Security Controls That Slow Teams Are Usually Poorly Designed
Discover strategies to enhance security controls in DevOps, emphasizing the shift from gates to guardrails and the importance of designing around real workflows ...
DevSecOps In Digital Banking: Balancing Fast Releases With Regulatory Compliance
In the digital banking sector, fast releases of new features and security patches have become the norm. Unfortunately, many institutions lack the organization or the processes necessary to make the speed of ...
Cursor Allies with 1Password to Secure AI Coding Secrets
Cursor has partnered with 1Password to better protect secrets as applications are developed using an artificial intelligence (AI) coding tool. Nancy Wang, senior vice president and head of engineering for 1Password, said ...
Importance of Observability in the DevSecOps Pipeline: Enhancing Security, Compliance, and Collaboration
In today's rapidly developing software world, security cannot be an afterthought. DevSecOps, the integration of security practices into every phase of DevOps, requires continuous monitoring and actionable insights to detect and mitigate ...
Attackers Testing New Strain of Shai-Hulud on npm: Aikido
Threat actors behind the virulent Shai-Hulud worm that wreaked havoc in open npm repositories toward the end of 2025 apparently are trying out a new strain that comes with slight modifications. Security ...
Surprise! Everybody Uses AI Tools for Software Development, Few Do So Securely
AI is generating code faster than teams can secure it, widening software supply chain risk and exposing major gaps in AppSec and governance ...
Crates.io Removes Malicious Rust Package Targeting Web3 Developers
A malicious Rust package that was found to be downloading payloads aimed at stealing cryptocurrency was removed from the crates.io Rust package registry, along with another package by the same author that ...
It’s Time to Rethink Access Control for Modern Development Environments
As development environments evolve at breakneck speed, our approach to securing them remains stuck in the past. I've watched countless organizations implement robust Identity and Access Management (IAM) solutions, deploy Identity Governance ...
What Fuels AI Code Risks and How DevSecOps Can Secure Pipelines
Modern development teams are under constant pressure to deliver fast, innovate continuously, and stay clear of security threats, all at the same time. Every new feature, every accelerated release, carries the hidden ...

