DevSecOps
N. Korean Famous Chollima Hackers Use Malicious npm Packages to Steal Data
Jeff Burt | | Contagious Interview, Famous Chollima, infostealer, linux, macOS, malicious npm packages, Microsoft Windows, Pastebin, remote access trojan (RAT), Socket, software developers, typosquattingA group of more than two dozen malicious npm packages used to steal secrets and credentials from software developers has all the hallmarks – from infrastructure to operations – of Famous Chollima, ...
Security Flaws in Anthropic’s Claude Code Risk Stolen Data, System Takeover
Jeff Burt | | AI API Security, AI coding risks, AI coding tools, AI developer tools, Anthropic Claude Code, Check Point, MCP protocol, Palo Alto Unit 42Three critical vulnerabilities found in Anthropic’s Claude Code agentic AI developer tool could be exploited simply by cloning and opening an untrusted project and lead to system takeover, stolen API keys, and ...
The Hidden Security Risks in Modern JavaScript Frameworks and How React Teams Can Reduce Them
Samuel Ogbonna | | client-side rendering security, client-side vulnerabilities, content security policy, Dependency Management, frontend attack surface, frontend security best practices, input validation, JavaScript dependencies, JavaScript security, JavaScript vulnerabilities, modern JavaScript frameworks, NPM security, React application security, React security risks, secure React development, SPA security, state management security, third-party libraries risk, web application security, XSS attacksReact and modern JavaScript frameworks accelerate development—but hide serious security risks. Learn where vulnerabilities come from and how to reduce client-side attack surfaces ...
Prompt Injection Isn’t Just a Chat Problem — It’s a DevOps Threat
Prompt injection is evolving into a serious DevOps threat, enabling AI agents to misuse tools, leak secrets and execute unauthorized actions unless governed with least privilege, sandboxing and human approval. ...
Survey Surfaces More Focus on Software Security Testing and API Security
A global survey of 828 enterprise IT professionals conducted by the Futurum Group finds well over a third of respondents expect their organization to increase spending on software security testing (39%) and ...
‘PackageGate’ Vulnerabilities Can Let Attackers Bypass Shai-Hulud Defenses
Jeff Burt | | Aikido Security, Bun, Git dependency, github, Koi Security, microsoft, npm registry, PhantomRaven, PNPM, remote code execution, Shai-Hulud worm, supply chain attack, VLTIn the wake of the massive Shai-Hulud supply chain attack that ripped through npm late last year and compromised more than 700 packages and exposed 25,000 repositories, developers in the JavaScript world ...
Software Supply Chain Threats Are on the OWASP Top Ten—Yet Nothing Will Change Unless We Do
Joseph M. Saunders | | open source security, OWASP Top 10, SBoM, Software Supply Chain Security, supply chain attacksSoftware supply chain security is steadily moving to the forefront of cybersecurity conversations. In the past, it has been overshadowed by a focus on malware outbreaks, ransomware, endpoint protection, and application vulnerabilities ...
N. Korea Contagious Interview Campaign Turns to VS Code to Deliver Backdoor
Jeff Burt | | backdoors, Contagious Interview, Git repositories, github, information stealing, Jamf, North Korea, remote code executionJamf security researchers said state-sponsored espionage actors are using malicious VS Code projects to steal information ...
Security Controls That Slow Teams Are Usually Poorly Designed
Venkata Nedunoori | | Approval Processes, automation, continuous change, devops, Friction Reduction, Gates vs. Guardrails, Human Oversight, incident management, Metrics for Success, operational efficiency, Policy Compliance., risk management, Security Controls, Security Workflow, Trust in SecurityDiscover strategies to enhance security controls in DevOps, emphasizing the shift from gates to guardrails and the importance of designing around real workflows ...
DevSecOps In Digital Banking: Balancing Fast Releases With Regulatory Compliance
In the digital banking sector, fast releases of new features and security patches have become the norm. Unfortunately, many institutions lack the organization or the processes necessary to make the speed of ...
Cursor Allies with 1Password to Secure AI Coding Secrets
Cursor has partnered with 1Password to better protect secrets as applications are developed using an artificial intelligence (AI) coding tool. Nancy Wang, senior vice president and head of engineering for 1Password, said ...
Importance of Observability in the DevSecOps Pipeline: Enhancing Security, Compliance, and Collaboration
In today's rapidly developing software world, security cannot be an afterthought. DevSecOps, the integration of security practices into every phase of DevOps, requires continuous monitoring and actionable insights to detect and mitigate ...
