Showing posts from April, 2025

Endor Labs’ $93M Series B: Betting Big on the Future of Software Supply Chain Security

Endor Labs secured $93M Series B funding due to demand for its software supply chain security platform, which tackles dependency risks and SBOM generation. Growth stems from regulatory trends and enterprise adoption, with plans to integrate AI and improve dev workflows.   https://www.endorlabs.com/learn/why-we-raised-a-93m-series-b-in-this-market

AI vs. Shadow Patches: Exposing Open-Source’s Hidden Security Gaps

BSides SF 2025 featured an AI tool that scans OSS for "shadow patches"—undisclosed fixes that hide vulnerabilities. The system parses code changes and forums to uncover risks, like a stealth Redis patch. Goal: Close the transparency gap in OSS maintenance.   https://www.scworld.com/news/bsides-sf-using-ai-to-spot-shadow-patches-in-open-source-software

2025 Cybersecurity Stats: Why Vulnerabilities Are Spiking—And How to Fight Back

Cyber vulnerability stats for 2025 show surging zero-days, cloud misconfigurations, and supply chain attacks. Ransomware rose 25%, while human error (phishing, weak passwords) drove 90% of breaches. Solutions include Zero Trust, MFA, and vendor audits.   https://www.coolest-gadgets.com/cyber-security-vulnerability-statistics/

5 Breaches That Should Never Have Happened—And How to Avoid Them

The Hacker News analyzes five breaches caused by misconfigurations, phishing, unpatched software, third-party risks, and leaked credentials. Each case underscores preventable failures, urging better hygiene (MFA, patching, vendor audits) to stop common attack paths.   https://thehackernews.com/2025/04/how-breaches-start-breaking-down-5-real.html

Minimus Launches with $51M to Preempt Cloud Vulnerabilities in Development

Minimus, a new appsec startup, exits stealth with $51M to reduce cloud software risks. Its tools automate vulnerability fixes in CI/CD pipelines, focusing on Kubernetes and serverless environments. Investors bet on its preemptive approach to securing modern cloud apps.   https://siliconangle.com/2025/04/28/application-security-startup-minimus-debuts-51m-reduce-cloud-software-vulnerabilities/

Arnica’s Developer-Centric Security: Fixing Risks Without Slowing Down Workflows

Arnica’s platform promotes developer-led security by automating vulnerability fixes in CI/CD pipelines, analyzing team security behaviors, and ensuring compliance. It aims to reduce friction while hardening code pre-production. https://www.benzinga.com/partner/general/25/04/44896628/security-champions-with-arnica-is-elevating-modern-workflow

Why Open Source and Container Security Need a Total Overhaul

The New Stack critiques open-source and container security as inherently flawed, citing supply chain attacks, weak defaults, and inadequate tooling. Solutions like SBOMs, memory-safe languages, and policy-as-code are urged to replace today’s patchwork fixes.   https://thenewstack.io/open-source-and-container-security-are-fundamentally-broken/

IBM Bets $150 Billion on U.S. Tech Leadership with AI, Quantum, and Chip Push

IBM will invest $150 billion in the U.S. over five years, targeting AI, quantum computing, semiconductors, and workforce training. The initiative aims to boost tech leadership, domestic chip production, and job creation, aligning with federal priorities like the CHIPS Act.   https://www.investopedia.com/ibm-to-invest-usd150b-in-us-over-next-five-years-11723096

Schneier’s Reality Check: Beyond AI Hype to Cybersecurity’s Hard Problems

Bruce Schneier critiques AI hype, noting its dual-use risks, and condemns NSA surveillance as outdated. He highlights regulatory failures, human errors, and quantum threats as core challenges, urging actionable fixes like vendor liability laws and better default security.   https://www.scworld.com/news/bruce-schneier-ai-hype-nsa-surveillance-and-cybersecuritys-real-challenges

Building a CBOM: A Step-by-Step Guide to Software Supply Chain Security

TechTarget outlines steps to build a CBOM, including component discovery, vulnerability mapping, and risk scoring. Tools like SCA scanners and SBOM standards (SPDX) help automate the process, ensuring compliance and supply chain security.   https://www.techtarget.com/searchsecurity/tip/How-to-create-a-CBOM

Cisco’s AI Security Suite at RSAC 2025: Smarter Defense for a Riskier World

At RSAC 2025, Cisco announced AI-powered security tools, including an AI-native firewall, SOC assistant, and cloud copilot. These focus on preemptive threat blocking, automated incident response, and identity protection. The goal: Help overburdened teams combat advanced attacks faster.   https://www.channelfutures.com/artificial-intelligence/rsac-2025-cisco-debuts-latest-ai-security-innovations

Secure by Design at RSAC 2025: Why We’re Still Falling Short—and How to Fix It

At RSAC 2025, experts warned that Secure by Design adoption remains uneven despite its importance. Challenges include profit-driven development cycles and weak enforcement. Solutions proposed include stricter regulations, vendor liability reforms, and cultural shifts in tech education. The message: The industry must act collectively to make security foundational. https://www.scworld.com/news/secure-by-design-at-rsac-2025-experts-warn-were-not-winning-yet-but-we-could

Why Container Security Skills Are the Hottest Commodity in Cybersecurity

A GovInfoSecurity piece reports skyrocketing demand for container security experts due to Kubernetes adoption and cloud migration. The talent shortage leaves organizations competing for professionals skilled in runtime protection, IaC security, and compliance. Certifications (e.g., CKS) and tools (Falco, OPA) are critical for career growth, with no slowdown in demand expected.   https://www.govinfosecurity.com/blogs/container-security-experts-are-in-such-high-demand-p-3861

Beyond Encryption: How FHE, MPC, and ZKPs Are Redefining Data Privacy

The NCSC's blog explores advanced cryptography like Fully Homomorphic Encryption (FHE), Multi-Party Computation (MPC), and Zero-Knowledge Proofs (ZKPs) to improve data privacy. These methods enable secure cloud processing, confidential data collaboration, and private verification but face hurdles in performance and standardization. The NCSC advocates for further development to bridge theoretical potential with practical security demands.   https://www.ncsc.gov.uk/blog-post/advanced-cryptography-new-approaches-to-data-privacy

Why We Switched from Lucia to Better Auth for Node.js Authentication

A Node.js Security blog post details migrating authentication from Lucia to Better Auth, citing Better Auth’s stronger security (e.g., anti-CSRF, brute-force protection) and scalability. Steps include updating session management, migrating user data securely, refactoring APIs, and post-migration testing. The switch balances security and performance for production-ready apps. https://www.nodejs-security.com/blog/nodejs-authentication-migration-from-lucia-to-better-auth/

The CVE Program’s Funding Crisis Threatens Global Cybersecurity

Wired examines the financial struggles of the CVE Program, which catalogs software vulnerabilities but faces inconsistent funding despite its critical role. A recent $16 million CISA grant offers temporary relief, but experts warn that long-term underfunding could delay vulnerability tracking and create security gaps. Disputes over control between MITRE and CISA further complicate the program's future. The article stresses how this instability risks undermining global cybersecurity efforts.   https://www.wired.com/story/cve-program-cisa-funding-chaos/

Checkmarx One Embeds Cloud Security Scans Into Developer IDEs

SecurityBrief covers Checkmarx One's new feature that integrates cloud security tools directly into IDEs (e.g., VS Code, JetBrains). Developers can now scan infrastructure-as-code (IaC), detect secrets leaks, and identify cloud misconfigurations in real-time while coding. The tool supports Terraform, Kubernetes, and AWS CloudFormation, with compliance checks for security benchmarks. This shift-left approach embeds security into developer workflows to reduce risks early.   https://securitybrief.co.nz/story/checkmarx-one-brings-cloud-security-tools-directly-into-ides

CVE Futures: Evolving Vulnerability Management for Public Cyber Health

In his blog post "CVE Futures," Adam Shostack explores the evolving role of the Common Vulnerabilities and Exposures (CVE) system in the context of modern cybersecurity challenges. He emphasizes the need to enhance the CVE program to better support public health-oriented cybersecurity strategies. Shostack suggests that the CVE system should not only catalog vulnerabilities but also provide actionable insights that can inform risk assessments and mitigation strategies. By doing so, the CVE program can serve as a more effective tool for organizations aiming to improve their cybersecurity posture and resilience against emerging threats. https://shostack.org/blog/cve-futures/

Critical Apache Roller RCE Flaw Exposes Servers to Remote Attacks

The Hacker News article discusses a critical vulnerability (CVE-2025-24859) in Apache Roller, a Java-based blogging platform. The flaw enables remote code execution (RCE), allowing attackers to compromise servers running unpatched versions. Affected systems should restrict access or disable Roller until a fix is available. Apache Roller is widely deployed, increasing the urgency for mitigation. Administrators are advised to watch for updates and patch immediately. https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html

CISOs Shift to Skills-Based Hiring in Cybersecurity

The article "CISOs Rethink Hiring to Emphasize Skills Over Degrees and Experience" from CSO Online discusses a significant shift in cybersecurity hiring practices, where Chief Information Security Officers (CISOs) are moving away from traditional requirements of formal degrees and extensive experience. Instead, there's a growing emphasis on a skills-first approach, focusing on candidates' problem-solving abilities, communication skills, and technical competencies relevant to the role. This change is driven by persistent talent shortages and the recognition that many capable professionals enter the field through non-traditional paths, such as military service or self-directed learning. However, the transition to skills-based hiring is complex and requires more than just altering job descriptions; it demands a comprehensive reevaluation of recruitment and assessment processes to effectively identify and integrate diverse talents into cybersecurity teams.  https://www.cs...

AI Hype Deepens the Cybersecurity Skills Gap

The article "Two Ways AI Hype Is Worsening the Cybersecurity Skills Crisis" from CSO Online highlights how the rapid adoption of AI technologies is exacerbating existing challenges in the cybersecurity workforce. Security professionals are now expected to both govern the use of AI within their organizations and integrate AI tools into their workflows, often without adequate training or resources. This dual responsibility increases pressure on already overstretched teams, contributing to a widening skills gap. Despite these challenges, AI adoption continues to surge, with 98% of organizations either implementing or planning to implement AI solutions. The article underscores the need for comprehensive training and support to ensure that cybersecurity teams can effectively manage and leverage AI technologies without compromising security. https://www.csoonline.com/article/3958818/two-ways-ai-hype-is-worsening-the-cybersecurity-skills-crisis.html

Coana Joins Socket to Strengthen Software Supply Chain Security

The article announces that Coana, a software supply chain security company, has joined Socket, a developer-first security platform. This strategic move aims to enhance software dependency analysis and threat detection capabilities by combining Coana's deep code analysis with Socket's proactive security approach. The integration will provide developers with improved tools to identify and mitigate risks in open-source dependencies, focusing on detecting malicious packages, vulnerable code, and supply chain attacks. The collaboration reflects the growing importance of securing the software supply chain and helping developers build safer applications more efficiently. The article positions this partnership as a significant step forward in dependency security and threat prevention.  https://www.coana.tech/resources/article/coana-joins-socket

SafeDep's Analysis of Over 5,500 Malicious Open Source Packages

SafeDep's analysis of over 5,500 malicious open-source packages, sourced from Datadog's dataset, reveals concerning trends in software supply chain threats. The study found that 96.2% of these packages were flagged as malicious by SafeDep's scanning engine, with 71.9% exhibiting high-confidence detections. The majority (64%) originated from npm, followed by PyPI at 35%. Notably, 90% of these malicious packages were under 10KB in size, highlighting the compact nature of such threats. Common tactics included exfiltration via Burp Collaborator and pre-install command execution in npm scripts. Additionally, 44 typosquatting attempts were identified, targeting popular libraries like 'express' and 'django'. The analysis utilized YARA rules to identify recurring patterns, aiding in the detection of similar threats in the future. https://safedep.io/malysis-evaluation-using-datadog-malicious-packages-dataset

Kubernetes Security for Pentesters: Essential Concepts and Attack Surfaces (Part 1)

The blog post "Kubernetes for Pentesters - Part 1" on TrustedSec provides an introductory guide for penetration testers working with Kubernetes. It explains core Kubernetes components like pods, nodes, deployments, and services, focusing on their security implications. The article identifies common attack vectors such as misconfigured kubelets, exposed dashboards, and vulnerable API servers. It introduces essential tools for testing including kubectl and kube-hunter, while emphasizing critical security aspects like RBAC configuration, secrets management, and network policies. This first part lays the groundwork for understanding Kubernetes security before exploring actual exploitation methods in future installments. The content is tailored to help security professionals begin assessing Kubernetes environments effectively.  https://trustedsec.com/blog/kubernetes-for-pentesters-part-1

Semgrep's "Let Them Build" Initiative: Empowering Developers with Secure Guardrails

The Semgrep "Let Them Build" initiative emphasizes the importance of empowering developers to integrate security seamlessly into their workflows. Rather than imposing restrictive measures, it advocates for the implementation of guardrails that guide developers towards secure coding practices without hindering their progress. By focusing on real-world impact, leveraging AI to automate mundane tasks, and prioritizing early detection of issues during the build phase, Semgrep aims to create a security culture where developers can innovate confidently. The platform's adaptability ensures that security measures are tailored to the unique needs of each development team, fostering an environment where security is an enabler, not a barrier. https://semgrep.dev/build

Understanding Cyber Market Failures

The article "Understanding Cyber Market Failures" from Lawfare discusses the need for a deeper understanding of market failures in cybersecurity to inform effective regulation. It identifies four key types of market failures: information asymmetries, negative externalities, market power, and public goods. The authors argue that current literature is insufficient to guide policymakers and propose that addressing these failures through regulation can enhance competition without compromising cybersecurity or operational resilience. They emphasize the importance of transparency, mandatory reporting, and clear definitions to bridge the gap between business interests and societal needs in the cyber domain. https://www.lawfaremedia.org/article/understanding-cyber-market-failures

Enforcing Kubernetes Policies: Security and Compliance Guardrails for Your Cluster

The blog post "Kube-Policies: Guardrails for Apps Running in Kubernetes" from Square discusses their approach to implementing security guardrails in Kubernetes environments. Recognizing that Kubernetes' default configurations prioritize rapid deployment over security, Square transitioned from Pod Security Policies (PSPs) to a more flexible solution using the Open Policy Agent (OPA). Their custom framework, kube-policies, addresses the unique challenges of their diverse client platforms by incorporating features such as policy promotion processes, minimal user disruption, robust testing frameworks, exception management, extensibility, observability, and strong security practices. This approach aims to guide innovation securely without compromising speed, ensuring that security becomes a facilitator rather than a barrier in cloud computing. https://developer.squareup.com/blog/kube-policies-guardrails-for-apps-running-in-kubernetes

Simulating Kubernetes Attack Chains for Cloud Security Evaluation

The blog post simulates a Kubernetes attack chain to evaluate cloud security tools, demonstrating tactics like container escape, token exfiltration, and reverse shell creation. It triggers over 20 security findings, such as DNS tunneling, code execution, and suspicious process activity. The simulation helps security teams identify detection gaps and test mitigations like restricted token mounts and enhanced security policies. All artifacts are collected for further analysis, and the tool should be used responsibly in controlled environments. https://bsssq.xyz/posts/kube/

DevSecOps 2024: Automation Gaps and Rising Software Supply Chain Risks

The Datadog State of DevSecOps 2024 report reveals that many organizations are still not fully embracing automation in cloud security. It highlights that 38% of AWS users still perform manual deployments, increasing risk. While 71% of AWS users use infrastructure as code (IaC), only 55% of Google Cloud users do the same. The report notes a rise in software supply chain attacks via malicious packages in public repositories like PyPI and npm. Long-lived credentials remain a concern, especially in CI/CD pipelines like GitHub Actions. Java applications are especially vulnerable to third-party library issues, with 90% affected by at least one critical or high-severity vulnerability. Automated scanners generate many alerts, but very few result in real threats, making context-based threat prioritization essential. https://www.datadoghq.com/state-of-devsecops

JJWT: Java Library for Creating and Verifying JWTs and JWKs

JJWT is an open-source Java library for creating and verifying JSON Web Tokens (JWT) and JSON Web Keys (JWK). It is maintained by the community and implements the IETF JOSE specifications, including RFCs 7515 to 7519. The library supports generating signed (JWS) and encrypted (JWE) tokens, as well as handling keys in the JWK format. It is written entirely in Java with no mandatory external dependencies, making it suitable for both Java and Android applications. It is licensed under Apache 2.0. To use it in Maven projects, you include the jjwt-api dependency, along with optional modules like jjwt-impl or jjwt-jackson depending on your needs.   https://github.com/jwtk/jjwt

Advanced Docker Scout Use Cases: Security Insights, Recommendations, and Remediation

Docker Scout is a security tool designed to enhance container image analysis by not only detecting vulnerabilities but also providing actionable remediation guidance. It offers both graphical and command-line interfaces, allowing users to scan images, compare versions, and receive recommendations for updates. By associating identified risks with specific patches and updated base images, Docker Scout simplifies the process of securing containerized applications.   https://thenewstack.io/advanced-docker-scout-use-cases-security-insights-recommendations-and-remediation/

Malicious Open-Source Packages Use Trojanized Patches to Infect Local Software

A recent report by ReversingLabs highlights a new tactic employed by cybercriminals involving malicious open-source software packages that apply Trojanized patches to legitimate software already installed on users' machines. One such package, "pdf-to-office," was found on the npm repository, masquerading as a tool for converting PDFs to Office documents. Upon execution, it ran an obfuscated JavaScript file named "pdftodoc," which searched for popular cryptocurrency wallets like Atomic and Exodus. If detected, it replaced legitimate files with compromised versions, effectively compromising the user's system. This approach allows attackers to bypass traditional defenses by targeting trusted software post-installation, marking a shift in software supply chain attack strategies.   https://www.darkreading.com/cloud-security/open-source-poisoned-patches-infect-local-software

NIST Revamps National Vulnerability Database Operations to Address CVE Surge

The National Institute of Standards and Technology (NIST) has acknowledged a significant backlog in processing vulnerabilities within its National Vulnerability Database (NVD). This backlog has resulted from a combination of factors, including an increase in software vulnerabilities and changes in interagency support. To address this issue, NIST is reallocating personnel and enhancing collaboration with other government agencies. Additionally, NIST is establishing an industry consortium to assist in developing the NVD, aiming to improve its operations and tools. These efforts are part of a broader plan to modernize the NVD, including adopting new software identification methods and automating CVE analysis activities.   https://www.infosecurity-magazine.com/news/nvd-revamps-operations-cve-surge/

STRIDE GPT: AI-Powered Threat Modeling for Enhanced Application Security

STRIDE GPT is an AI-powered threat modeling tool that uses large language models to automate threat modeling and attack tree creation. It applies the STRIDE methodology to identify vulnerabilities, generate attack trees, and suggest mitigations. The tool supports multimodal inputs like diagrams and integrates DREAD risk scoring. It offers flexibility with AI models from OpenAI, Google, and others, and ensures data privacy with locally hosted models. Recent updates include GitHub repository analysis and the generation of Gherkin test cases, helping bridge the gap between threat modeling and testing. https://cybersecuritynews.com/stride-gpt-ai-powered-tool/

How Misconfigured S3 Bucket Policies Can Publicly Expose Your Data

The article discusses how a misconfigured Amazon S3 bucket policy can unintentionally expose data to the public. It explains that AWS evaluates access permissions by first applying any explicit deny, then checking resource-based policies, and finally evaluating identity-based policies. This order means that if a resource-based policy allows access and there is no explicit deny, access is granted even if the identity-based policy does not explicitly allow it. A common mistake involves setting a bucket policy with a wildcard principal and permissive actions, which can expose all data in the bucket. The article emphasizes the importance of using AWS’s Block Public Access settings, auditing policies carefully, and applying explicit denies to avoid accidental data exposure.  https://slaw.securosis.com/p/accidentally-expose-all-your-stuff-on-s3-with-a-bucket-policy

Open-Source Tools for DevSecOps and Application Security by Kondukto-io

Kondukto-io is a GitHub organization that develops open-source tools for managing application security in DevSecOps environments. Their CLI tool, kdt, allows users to interact with the Kondukto platform to manage projects and security scans. Kntrl is a runtime agent using eBPF to monitor and block suspicious system behavior during pipeline execution. Webhook-issue-manager connects Kondukto to external issue trackers through webhooks, automating issue creation and updates. Migrongo handles MongoDB schema migrations using JavaScript and mongosh. Semgrep-rules offers custom static analysis rules to identify security vulnerabilities in code. These tools aim to automate and streamline security across the software development lifecycle. https://github.com/kondukto-io/

ReARM: Reliza's Tool for Managing Product Releases and SBOMs

ReARM, or "Reliza's Awesome Release Manager," is a DevSecOps and supply chain security tool developed by Reliza to help organize product releases. It manages release metadata, including Software Bills of Materials (SBOMs) and xBOMs. ReARM stores xBOMs on OCI-compatible storage through Reliza's Rebom project, ensuring reliability and compatibility. The tool integrates with a command-line interface (CLI) for user interaction and offers documentation for setup and usage. A public demo of ReARM's features is available online. Released under the AGPL-3.0 license, ReARM is open for use and contribution on GitHub.  https://github.com/relizaio/rearm

Semgrep Introduces Model Context Protocol Server to Enhance AI Integration in Code Security

Semgrep has introduced an open-source Model Context Protocol (MCP) server that integrates with any MCP-compatible IDE, such as Cursor. This server enables Large Language Models (LLMs) to utilize Semgrep's static analysis capabilities directly within coding environments, allowing models to assess the safety, quality, and security of generated code in real-time. This integration aims to streamline the development process by providing immediate feedback and remediation suggestions, enhancing both productivity and code security.   https://semgrep.dev/blog/2025/giving-appsec-a-seat-at-the-vibe-coding-table

Large Language Models are Unreliable for Cyber Threat Intelligence

A recent study titled "Large Language Models are Unreliable for Cyber Threat Intelligence" critically examines the application of Large Language Models (LLMs) in automating Cyber Threat Intelligence (CTI) tasks. The research presents an evaluation methodology that assesses LLMs using zero-shot learning, few-shot learning, and fine-tuning approaches, focusing on their consistency and confidence levels. Experiments conducted with three state-of-the-art LLMs on a dataset of 350 CTI reports reveal that LLMs struggle with real-sized reports, exhibiting inconsistent performance and overconfidence. While few-shot learning and fine-tuning offer limited improvements, the findings raise concerns about relying on LLMs for CTI, especially in scenarios lacking labeled datasets where confidence is crucial.   https://arxiv.org/abs/2503.23175

Building a Modern DevSecOps Culture: Insights from Jaguar Land Rover and Asda

Jaguar Land Rover (JLR) and Asda have shared insights into building a modern DevSecOps culture by emphasizing the integration of security within development processes. Both companies highlight the importance of involving developers in selecting tools and processes, with JLR adopting Snyk’s platform for better codebase visibility and vulnerability management, and Asda fostering collaboration for seamless tool integration. They stress the need to clearly communicate the benefits of new tools to developers, address their pain points, and simplify the onboarding process for smooth adoption. Additionally, fostering collective learning through forums like JLR’s DevSecOps Guild accelerates maturity by promoting knowledge-sharing and continuous improvement. These strategies contribute to effective, secure software development practices. https://www.computing.co.uk/sponsored/2025/how-to-build-a-modern-devsecops-culture-lessons-from-jaguar-land-rover-and-asda

NIST Marks Pre-2018 CVEs as 'Deferred' to Focus on Recent Vulnerabilities

The National Institute of Standards and Technology (NIST) has announced that all Common Vulnerabilities and Exposures (CVEs) published before January 1, 2018, will now be marked with a "Deferred" status within the National Vulnerability Database (NVD). This change aims to optimize resources by focusing on newer vulnerabilities amid a significant increase in reported security issues. CVEs labeled as "Deferred" will display a banner indicating this status, and while NIST will not prioritize updates for these older records, it will still review and process requests for metadata updates as resources allow. Notably, vulnerabilities listed in the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities catalog will continue to receive attention regardless of their publication date.   https://gbhackers.com/nist-declares-pre-2018-cves-will-be-labeled-as-deferred

OWASP Faction: Streamlining Penetration Testing with Automated Reporting and Collaboration

OWASP Faction is a comprehensive penetration testing (pentesting) report generation and collaboration framework designed to streamline security assessments. It offers features such as automated report creation, peer review capabilities, customizable DOCX templates, real-time collaboration through a web application and Burp Suite extensions, and a library of over 75 prepopulated vulnerability templates. The platform also includes tools for managing assessment teams, tracking remediation efforts with custom SLA alerts, and provides a full REST API for integration with other tools. Additional functionalities encompass LDAP and OAuth2.0 integration, SMTP support, and an extendable architecture with custom plugins. OWASP Faction aims to enhance the efficiency and effectiveness of security assessment workflows.   https://owasp.org/www-project-faction/

SBOM Advocate Urges Trump Administration to Enhance Supply Chain Expertise through Workforce Training

JC Herz, vice president for cyber supply chain at Exiger, emphasizes the importance of integrating Software Bill of Materials (SBOM) practices into federal procurement by educating contracting officials on supply chain transparency. She suggests that enhancing domain expertise within agencies can facilitate SBOM adoption without necessitating additional regulations. Herz advocates for workforce training to build supply chain expertise at the contract level, aiming to improve cybersecurity through informed procurement processes.   https://insidecybersecurity.com/daily-news/sbom-advocate-calls-trump-administration-build-supply-chain-expertise-contract-level

Arnica Unveils 'Security Champions' Feature to Enhance Collaboration Between AppSec and Development Teams

Arnica has introduced the "Security Champions with Arnica" feature, aiming to enhance collaboration between application security (AppSec) and development teams. This initiative focuses on integrating security practices within the software development lifecycle by designating security champions within development teams. These champions act as liaisons, promoting security awareness and best practices among their peers. The feature offers tools and resources to support these individuals in identifying and mitigating security risks early in the development process, ultimately fostering a culture of shared responsibility for security across both AppSec and development teams.  https://www.kron4.com/business/press-releases/ein-presswire/799828586/arnica-launches-security-champions-with-arnica-feature-for-appsec-and-dev-teams/

Tariffs Reshape Tech Industry and Spark Chinese Innovation

The article "Tariff Wars: The Technology Impact" from GovInfoSecurity examines the repercussions of U.S.-imposed tariffs on Chinese imports, particularly within the technology sector. It highlights that these tariffs have led to increased costs for essential components like semiconductors and batteries, which are integral to various tech products. This escalation in expenses has prompted companies to seek alternative suppliers, potentially compromising product quality and security. Furthermore, the article discusses how these trade tensions have spurred China to accelerate its technological advancements, aiming for self-reliance in critical areas such as semiconductor production. This shift could reshape global tech dynamics and influence cybersecurity strategies.  https://www.govinfosecurity.com/blogs/tariff-wars-technology-impact-p-3849

Why Are All SCA Tools Wrong? The Limitations of Traditional Analysis Methods

Traditional Software Composition Analysis (SCA) tools often produce numerous false positives and occasionally false negatives. This issue arises because these tools typically rely solely on package manager data, which may not account for all dependencies, especially transitive ones. Consequently, they might overlook indirect dependencies or misclassify the scope of certain dependencies, leading to inaccurate assessments. To enhance accuracy, it's essential to treat source code as a primary data source, enabling a more comprehensive understanding of actual code usage and dependencies.   https://www.endorlabs.com/learn/why-are-all-sca-tools-wrong

Are Security Tasks Slowing Down DevOps? Balancing Speed and Safety

Integrating security tasks into DevOps processes can introduce challenges, notably concerns about potential slowdowns. Some argue that security measures may impede the rapid development cycles characteristic of DevOps by introducing additional steps and scrutiny. However, neglecting security can lead to significant risks, including data breaches and compliance issues. Striking a balance is crucial; incorporating security measures early in the development process, known as DevSecOps, can help identify and address vulnerabilities without significantly hindering development speed. This approach aims to integrate security seamlessly, ensuring that security tasks do not unduly slow down DevOps workflows.  https://www.digit.fyi/are-security-tasks-slowing-down-devops/

SandboxAQ's Quantum-Resistant Encryption Algorithm Approved by NIST

SandboxAQ's Hamming Quasi-Cyclic (HQC) algorithm has been selected by the National Institute of Standards and Technology (NIST) as the fifth post-quantum cryptographic (PQC) standard. This selection underscores SandboxAQ's leadership in developing quantum-resistant encryption solutions. HQC is a key encapsulation mechanism designed to secure encryption key exchanges against quantum computing threats. Unlike traditional public-key encryption systems such as RSA and elliptic-curve cryptography, which quantum computers can potentially break, HQC is based on error-correcting codes, offering robust security. Its efficient performance and balanced key size make it suitable for real-world applications. This marks SandboxAQ's second contribution to NIST's PQC standards, following the inclusion of SPHINCS+ in 2022, reinforcing its role in shaping global quantum-safe cybersecurity standards.   https://www.biometricupdate.com/202504/sandboxaq-quantum-resistant-encryption-algorithm...

Secure Vibe Coding Guide: Best Practices for Writing Secure Code

Ken Huang's "Secure Vibe Coding Guide" emphasizes the importance of integrating security into the software development lifecycle. The guide provides best practices for writing secure code, including input validation, proper authentication mechanisms, and secure data storage techniques. It also highlights the necessity of regular code reviews and staying updated with the latest security vulnerabilities and patches. By following these guidelines, developers can create applications that are resilient against common security threats and contribute to a safer digital environment.  https://kenhuangus.substack.com/p/secure-vibe-coding-guide

Microsoft Unveils Security Copilot Agents and New AI Protections

Microsoft has announced an expansion of its Security Copilot platform by introducing AI-powered agents designed to autonomously assist with critical security tasks such as phishing detection, data security, and identity management. These agents aim to help security teams manage high-volume tasks more efficiently, integrating seamlessly with Microsoft Security solutions. In addition to these agents, Microsoft is enhancing phishing protection in Microsoft Teams by improving defenses against malicious URLs and attachments through Microsoft Defender for Office 365.   https://www.microsoft.com/en-us/security/blog/2025/03/24/microsoft-unveils-microsoft-security-copilot-agents-and-new-protections-for-ai

ATT&CK Evaluations Library: Adversary Emulation for Cyber Threat Defense

The ATT&CK Evaluations Library provides adversary emulation plans used in ATT&CK Evaluations, replicating real-world breaches by specific threat actors. These plans outline cyber threat intelligence, detailing an adversary's targets, methods, and objectives. Each plan follows an operational flow illustrating how adversaries achieve their goals within victim environments. Execution content is available in both human and machine-readable formats, supporting manual execution or automation with tools like CALDERA. The library includes emulation plans for groups such as ALPHV BlackCat, APT29, Carbanak, CL0P, DPRK, FIN7, LockBit, menuPass (APT10), OilRig, Sandworm, Turla, Wizard Spider, and Blind Eagle. These plans help organizations better understand and prepare for real-world cyber threats.  https://attackevals.github.io/ael/

Container Image Signing: Securing the Software Supply Chain

Container image signing and runtime verification are essential for securing the software supply chain in containerized environments. By cryptographically signing container images during the build process and verifying them at runtime, organizations can ensure only trusted images are deployed, reducing the risk of supply chain attacks. Image signing involves generating a unique signature using a public key algorithm during continuous integration, which is then verified before deployment to maintain integrity and authenticity. Companies like Google and Datadog use these practices to enhance software supply chain security by establishing cryptographic provenance for container images. Implementing image signing in container runtimes like containerd and CRI-O, or using cloud services like AWS Signer, helps organizations strengthen the security and integrity of their containerized applications.  https://www.datadoghq.com/blog/container-image-signing

SecureCodeBox: Kubernetes-Based Automated Security Scanning

SecureCodeBox is an open-source, Kubernetes-based toolchain designed for continuous security scanning of software projects. It automates security-testing tools to detect vulnerabilities early in the development process. By integrating SecureCodeBox, teams can identify and address common security issues, allowing penetration testers to focus on more complex challenges. While it enhances automated security testing, it does not replace comprehensive assessments by experienced security professionals. The project is actively maintained, with recent updates introducing ARM support for specific scanners, bug fixes, and dependency updates.  https://github.com/secureCodeBox/secureCodeBox