Showing posts from May, 2025

Call for Abstracts: Post-Quantum Cryptography Conference 2025 in Kuala Lumpur

The PKI Consortium is inviting submissions for the Post-Quantum Cryptography (PQC) Conference 2025, scheduled for October 28–30 in Kuala Lumpur, Malaysia. This hybrid event will convene global experts to discuss the implementation and strategic aspects of PQC, with a focus on real-world applications and Asia-Pacific leadership.   https://pkic.org/2025/05/07/call-for-abstracts-pqc-conference-2025-kuala-lumpur-malaysia/

Building a Honeypot Checker: Safeguarding Against Malicious Crypto Tokens

CoinGecko’s guide explains how to build a honeypot checker to detect scam tokens on the Solana blockchain. Honeypots are deceptive tokens that appear tradable but prevent users from selling. The process involves checking for mint and freeze authority, verifying the program owner, and simulating a sell route using Jupiter. Developers can enhance detection with CoinGecko’s API, which provides liquidity data and security filters. The tutorial requires Node.js, a Solana RPC gateway, and CoinGecko API access. This tool helps developers protect users from malicious tokens. https://www.coingecko.com/learn/build-honeypot-checker
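The checks the tutorial describes (mint and freeze authority, program owner, simulated sell route) as an added Node.js example, not CoinGecko's code. It decodes the raw SPL Token mint account layout itself; the account bytes are constructed, the SPL Token program id is the canonical one, and the Jupiter quote is passed in as a `{ routeFound, priceImpactPct }` summary instead of being fetched, so it runs offline. The 50% price-impact threshold is an assumption.

```javascript
// Added example, not CoinGecko's code: decode an SPL Token mint account and
// turn the honeypot checks (mint/freeze authority, program owner, simulated
// sell route) into risk findings. Runs offline on Node.js >= 14: the account
// bytes are constructed and the Jupiter quote result is passed in, not fetched.

const SPL_TOKEN_PROGRAM = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA"; // canonical SPL Token program id
const MINT_ACCOUNT_SIZE = 82;
const MAX_SELL_PRICE_IMPACT_PCT = 50; // assumption: above this a "sell" is effectively blocked

// Mint layout: COption<Pubkey> mint_authority (u32 tag + 32 bytes), u64 supply,
// u8 decimals, u8 is_initialized, COption<Pubkey> freeze_authority (u32 tag + 32 bytes).
function decodeMint(data) {
  if (!Buffer.isBuffer(data) || data.length !== MINT_ACCOUNT_SIZE) {
    throw new Error(`mint account must be ${MINT_ACCOUNT_SIZE} bytes`);
  }
  const mintTag = data.readUInt32LE(0);
  const freezeTag = data.readUInt32LE(46);
  if (mintTag > 1 || freezeTag > 1) throw new Error("malformed COption tag");
  return {
    mintAuthority: mintTag === 1 ? data.subarray(4, 36).toString("hex") : null,
    supply: data.readBigUInt64LE(36),
    decimals: data.readUInt8(44),
    isInitialized: data.readUInt8(45) === 1,
    freezeAuthority: freezeTag === 1 ? data.subarray(50, 82).toString("hex") : null,
  };
}

// sellQuote: { routeFound, priceImpactPct } summarising a Jupiter quote for
// selling a small amount of the token back into SOL/USDC.
function assessToken({ ownerProgram, accountData, sellQuote }) {
  const findings = [];
  if (ownerProgram !== SPL_TOKEN_PROGRAM) {
    // Not owned by the token program: the data layout cannot be trusted at all.
    findings.push({ level: "high", code: "UNEXPECTED_OWNER", detail: ownerProgram });
    return { verdict: "honeypot_risk", findings };
  }
  const mint = decodeMint(accountData);
  if (!mint.isInitialized) {
    findings.push({ level: "high", code: "MINT_NOT_INITIALIZED" });
  }
  if (mint.mintAuthority !== null) {
    // Holder can inflate supply at will (dilution).
    findings.push({ level: "medium", code: "MINT_AUTHORITY_SET", detail: mint.mintAuthority });
  }
  if (mint.freezeAuthority !== null) {
    // Holder can freeze any token account, which blocks selling.
    findings.push({ level: "high", code: "FREEZE_AUTHORITY_SET", detail: mint.freezeAuthority });
  }
  if (!sellQuote || !sellQuote.routeFound) {
    findings.push({ level: "high", code: "NO_SELL_ROUTE" });
  } else if (sellQuote.priceImpactPct > MAX_SELL_PRICE_IMPACT_PCT) {
    findings.push({ level: "high", code: "EXCESSIVE_SELL_IMPACT", detail: sellQuote.priceImpactPct });
  }
  const verdict = findings.some((f) => f.level === "high") ? "honeypot_risk"
    : findings.length > 0 ? "caution" : "ok";
  return { verdict, findings };
}

// Constructed mint account bytes for testing; authorities are 32-byte Buffers or null.
function buildMintAccount({ mintAuthority = null, freezeAuthority = null, supply = 0n, decimals = 6 } = {}) {
  const buf = Buffer.alloc(MINT_ACCOUNT_SIZE);
  if (mintAuthority) { buf.writeUInt32LE(1, 0); mintAuthority.copy(buf, 4); }
  buf.writeBigUInt64LE(supply, 36);
  buf.writeUInt8(decimals, 44);
  buf.writeUInt8(1, 45); // is_initialized
  if (freezeAuthority) { buf.writeUInt32LE(1, 46); freezeAuthority.copy(buf, 50); }
  return buf;
}

// Demo: a token whose freeze authority is still set and which Jupiter cannot sell.
const demo = assessToken({
  ownerProgram: SPL_TOKEN_PROGRAM,
  accountData: buildMintAccount({ freezeAuthority: Buffer.alloc(32, 0xab), supply: 1000000000n }),
  sellQuote: { routeFound: false, priceImpactPct: 0 },
});
console.log(demo.verdict, demo.findings.map((f) => f.code));
```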

Researchers Manipulate GitLab's AI Assistant to Generate Malicious Code

A recent study has revealed that GitLab's AI-powered coding assistant can be manipulated to produce malicious code, even when initially provided with safe inputs. This vulnerability arises from the AI's susceptibility to prompt injection attacks, where attackers subtly alter prompts to influence the AI's output.

Key findings:

- Prompt injection vulnerability: researchers demonstrated that by embedding malicious instructions within seemingly benign prompts, they could coerce the AI assistant into generating harmful code snippets.
- Stealthy manipulation: the malicious prompts were crafted to appear innocuous, making it challenging for developers to detect the underlying threat.
- Potential for widespread exploitation: given the AI assistant's integration into development workflows, such vulnerabilities could be exploited to introduce backdoors or other security flaws into software projects.

Implications: This discovery underscores the need for rigorous secu...

Claws: A Static Analysis Tool for Safer GitHub Actions Workflows

Claws is an open-source static analysis tool developed by Betterment to enhance the security and reliability of GitHub Actions workflows. Inspired by tools like RuboCop, Claws allows developers to define custom rules using simple Ruby classes and an expression language to detect undesirable patterns in workflows. These rules can be applied at various levels of a workflow, including the workflow, job, and step levels.

Key features of Claws include:

- Custom rule definition: developers can create rules using an expression language, enabling the detection of specific anti-patterns without writing complex logic.
- Runtime configurability: rules can incorporate variables populated at runtime, allowing for flexible and dynamic analysis based on user-provided configurations.
- Testing support: Claws integrates with RSpec, providing helpers to write test cases that ensure rules function as intended and continue to detect known issues after modifications.
- Easy integration: Distribute...

500 posts, more insights

Most of the insights are pretty obvious (at least for me) but it's nice to notice that the LLM could detect some of them.

What seems to be going up:

- AI and LLMs
- Alert fatigue and vulnerability management (because NVD)
- Automation
- Metrics
- Cloud and container security

What seems to be going down (or maybe I am not paying much attention):

- Mobile
- Acquisitions (maybe they are more frequent in the 2nd half of the year)

My main sources (not including newsletters, slack groups):

- Hacker news
- Dark Reading
- Companies' blogs
- GovInfoSecurity
- Linkedin

A source type I'd like to use more is podcasts. I just don't do it because I haven't found a way to quickly summarize them. I love podcasts, I would really like to spend more time listening to them, but I simply don't have time. There are too many of them and each one runs 1 or 2 hours. Another source I hope I can add here is books and scientific papers. I read a lot of reports from linkedin, not all of them have a serious methodology, mos...

500 posts, where am I

So I've reached 500 posts here. The facts:

- I started this in September.
- The average posts per month decreased from 70-80 to 40.
- I do this job every 1 or 2 weeks.
- I could not do my job without chatgpt and deepseek.
- I could not do my job without linkedin, newsletters and thunderbird (RSS feeds).

It's not very popular, I know. I will try to provide some analysis of the contents soon.

Chainguard Introduces Secure Python Libraries to Combat Supply Chain Attacks

Chainguard has launched Chainguard Libraries for Python, a curated set of Python packages built entirely from source within its SLSA Level 2-hardened infrastructure, aiming to mitigate the growing threat of supply chain attacks in the Python ecosystem. By reconstructing both pure Python libraries and those containing native code or bundled dependencies like OpenSSL, Chainguard ensures traceable provenance and reduces the risk of malware infiltration during the build and distribution stages. This initiative addresses vulnerabilities highlighted by past incidents, such as the compromised PyTorch dependency in 2023 and the Ultralytics PyPI token leak in 2024. Compatible with major Linux distributions and various container environments, Chainguard Libraries offer enterprise security teams a reliable source for secure Python dependencies, enhancing overall software supply chain integrity.   https://www.chainguard.dev/unchained/announcing-chainguard-libraries-for-python-malware-resist...

New 'Defendnot' Tool Exploits Windows API to Disable Microsoft Defender

A newly released tool named 'Defendnot' can disable Microsoft Defender on Windows systems by registering a fake antivirus product through an undocumented Windows Security Center (WSC) API. Developed by researcher es3n1n, Defendnot creates a dummy antivirus DLL and injects it into a trusted system process like Taskmgr.exe, allowing it to bypass security checks and trick Windows into deactivating Defender. Unlike its predecessor 'no-defender', which faced a DMCA takedown for using third-party antivirus code, Defendnot is built from scratch to avoid copyright issues. The tool includes a loader for configuration and establishes persistence via Windows Task Scheduler, raising concerns about potential misuse to leave systems unprotected.   https://www.bleepingcomputer.com/news/microsoft/new-defendnot-tool-tricks-windows-into-disabling-microsoft-defender

Scorecarding Security: A Collaborative Approach to Risk Management

In his blog post "Scorecarding Security," Rami McCarthy explores the concept of scorecarding as a strategic method to enhance security programs through collaboration and transparency. He highlights that organizations like Chime, Netflix, GitHub, and Atlassian have implemented scorecarding systems to quantify security posture, promote accountability, and foster a culture of continuous improvement. These systems often feature centralized dashboards, extensible scoring models, and gamified elements to engage engineering teams without imposing rigid controls. McCarthy emphasizes the importance of building trust between security and engineering teams, avoiding adversarial dynamics, and recognizing that security teams are not omniscient. He provides practical advice for implementing scorecarding, such as starting with high-signal data sources, allowing for risk acceptance, and celebrating incremental progress to encourage positive security behaviors.   https://ramimac.me/scorec...

A CISO’s Guide to Securing LLMs: Insights from Steve Wilson’s Playbook

In his review of Steve Wilson’s book The Developer’s Playbook for LLM Security , cybersecurity leader Vikas Singh Yadav highlights the book as an essential resource for CISOs navigating the complexities of generative AI and large language model (LLM) security. Wilson structures the book into three sections: foundational concepts, risk analysis, and strategic planning. He begins with a case study of Microsoft’s Tay chatbot to underscore potential pitfalls, then delves into LLM architecture and data flows. The book examines threats like prompt injection, data leakage, hallucinations, and supply chain vulnerabilities, offering mitigation strategies such as implementing Zero Trust principles and output filtering. In the final section, Wilson introduces the RAISE framework—Responsible Artificial Intelligence Software Engineering—which encompasses domain limitation, knowledge base balancing, Zero Trust implementation, supply chain management, AI red teaming, and continuous monitoring. Y...

Cybercriminal Specialization Challenges Traditional Threat Models

Cybercriminals are increasingly adopting a highly specialized approach, with distinct groups focusing on specific aspects of cyberattacks, such as initial access, malware development, or data exfiltration. This compartmentalization complicates traditional threat modeling, which often assumes a single actor behind an entire attack. To address this, researchers from Cisco Talos have proposed enhancing the Diamond Model of intrusion analysis by adding a relationship layer. This addition allows analysts to map the interactions between specialized threat actors, improving attribution accuracy and understanding of complex attack ecosystems. The shift towards specialization underscores the need for defenders to adapt their strategies to effectively counter the evolving tactics of cyber adversaries.   https://www.darkreading.com/threat-intelligence/attackers-specialize-cyber-threat-models-adapt

Transforming Enterprise Application Security with Sonatype Lifecycle

A major financial institution overhauled its application security by implementing Sonatype Lifecycle, integrating it into their GitLab CI/CD pipeline to automate vulnerability detection and remediation early in the development process. This shift enabled a 3x acceleration in application onboarding and a 335% increase in scanning rates, significantly enhancing security coverage while minimizing developer disruption. The organization also launched a security champion program, training 81 developers to act as liaisons between security and development teams, fostering a culture of shared responsibility and improving collaboration. By automating workflows and embedding security into the development lifecycle, the enterprise achieved scalable, efficient, and proactive application security without compromising innovation. https://www.sonatype.com/customer-stories/software-innovation-and-security-at-scale

Cyera Launches First DSPM Certification to Address AI Data Security Challenges

Cyera has introduced the Certified DSPM Architect program, the industry's first tool-agnostic certification focused on Data Security Posture Management (DSPM), aiming to equip security professionals with the skills needed to manage data risks in the AI era. As data volumes surge and AI adoption accelerates, many organizations struggle to identify where sensitive data resides, who has access, and how it's used. This certification offers a structured approach to understanding and securing data throughout its lifecycle, from discovery to destruction. Developed by seasoned security experts, the program includes a DSPM maturity model, strategic frameworks for improvement, and is eligible for CPE credits. Offered online and free for a limited time, it aims to bridge the skills gap in data security and support organizations in building robust, AI-ready security strategies.   https://www.businesswire.com/news/home/20250514373708/en/Cyera-Launches-Industrys-First-DSPM-Certification-...

AI Agents May Have a Memory Problem

A recent study by researchers at Princeton University and Sentient AI reveals that memory-enabled AI agents, designed to store and recall user data for personalized decision-making, are susceptible to memory injection attacks. These attacks involve implanting fake "memories" into the data that AI agents rely on, potentially manipulating their behavior in future interactions. The study highlights that such vulnerabilities are alarmingly easy to exploit, requiring no complex tools. This raises significant concerns about the security of AI agents used in applications like Mastercard's Agent Pay and PayPal's Agent Toolkit, which aim to make proactive decisions based on user preferences and feedback. The findings underscore the need for robust safeguards to protect AI memory systems from malicious manipulation.  https://www.darkreading.com/cyber-risk/ai-agents-memory-problem

SCANOSS: Open-Source Software Composition Analysis Platform

SCANOSS is an open-source Software Composition Analysis (SCA) platform that helps organizations manage their software supply chains by identifying open-source components, detecting vulnerabilities, ensuring license compliance, and generating Software Bills of Materials (SBOMs). It supports code in any language, detects open-source elements in AI-generated code, and offers extensive vulnerability scanning through a massive indexed database. With full transparency and open algorithms, SCANOSS integrates easily via CLI, API, SDKs, IDE plugins, and webhooks, making it a flexible and powerful tool for securing and auditing modern software.  https://www.scanoss.com/ (Thx Bruno)

Secure by Design: Moving Beyond Checkbox Compliance

At RSAC 2025, Pieter Danhieux, CEO of Secure Code Warrior, emphasized that many organizations treat "secure by design" as a compliance checkbox rather than a foundational principle for building secure software. He highlighted the absence of a standardized definition and shared framework, which leads to inconsistent and often ineffective security practices. Danhieux argued that true security must be integrated early in the development process, especially as artificial intelligence increasingly influences coding protocols, necessitating clear policies to manage emerging risks.  https://www.bankinfosecurity.com/secure-by-design-moving-beyond-checkbox-compliance-a-28307

From HTML Rendering to Remote Code Execution

Neodyme's security researchers discovered a critical vulnerability in an HTML-to-PDF conversion service that utilized the outdated EO.Pdf library based on Chromium 62. By submitting specially crafted HTML content, they achieved server-side cross-site scripting (XSS), enabling actions like server-side request forgery (SSRF) and local file access. The PDF metadata revealed the exact library version, allowing the team to replicate the environment locally. They then adapted a known Chromium 62 exploit targeting a WebAssembly use-after-free vulnerability, ultimately achieving remote code execution. The exploit's success was facilitated by the renderer operating with the --no-sandbox flag, eliminating the need for a sandbox escape. This case underscores the dangers of relying on outdated components and the importance of disabling unnecessary features like JavaScript execution in server-side rendering processes. https://neodyme.io/en/blog/html_renderer_to_rce/

The Path to Memory Safety is Inevitable

Shawn Chang from HardenedLinux argues that achieving memory safety in software development is a complex, interdisciplinary challenge that cannot be resolved solely by rewriting code in memory-safe languages like Rust or Go. Instead, he advocates for a multifaceted approach that includes rigorous engineering practices, such as static analysis, fuzz testing, and runtime mitigations, to enhance the security of existing systems. HardenedLinux's experience with Debian-based distributions demonstrates the effectiveness of combining tools like sanitizers and fuzzers in identifying vulnerabilities, while contributions like the VaultFuzzer and Fil-C showcase innovative methods for improving memory safety in C/C++ environments. Chang emphasizes that memory safety should be pursued through coordinated efforts across language design, tooling, and engineering practices, rather than relying solely on language choice, to build systems resilient to compromise.   https://hardenedlinux.org/blog/2...

Tales from the Cloud Trenches: The Attacker Doth Persist Too Much

Datadog Security Labs investigated a cloud intrusion where attackers exploited a leaked long-term AWS access key to execute both common and novel persistence techniques. Notably, they established a "persistence-as-a-service" mechanism by deploying a Lambda function triggered via an API Gateway, enabling the dynamic creation of IAM users even after the original credentials were revoked. Additionally, the attackers leveraged Telegram infrastructure, with ConsoleLogin events originating from Telegram IP addresses, suggesting the use of bots to automate AWS console access. They also disabled trusted access for multiple AWS organization-level services and manipulated AWS Identity Center configurations to maintain access. These tactics underscore the evolving sophistication of cloud-based threats and the importance of vigilant monitoring and proactive security measures.  https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-the-attacker-doth-persist-too-much
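A detection-side counterpart to the techniques above, as an added Node.js example that is not Datadog's code: a small triage pass over CloudTrail records that flags IAM users created from a role session (the Lambda-driven "persistence-as-a-service" pattern), console logins from outside known egress ranges, and organization trusted access being disabled. The sample events, the allowlisted CIDR and the approved provisioning role name are all constructed; field names follow the standard CloudTrail record format.

```javascript
// Added example, not Datadog's code: triage CloudTrail records for the
// persistence patterns described above. Events, the console egress CIDR and
// the approved provisioning role are constructed; needs Node.js >= 14.

const ALLOWED_CONSOLE_CIDRS = ["203.0.113.0/24"]; // constructed: corporate egress range
const APPROVED_USER_PROVISIONING_ROLES = new Set(["iam-provisioner"]); // constructed

// Minimal IPv4 parsing; returns null for anything that is not a dotted quad.
function ipv4ToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4 || !parts.every((p) => /^\d{1,3}$/.test(p))) return null;
  const nums = parts.map(Number);
  if (nums.some((n) => n > 255)) return null;
  return ((nums[0] << 24) | (nums[1] << 16) | (nums[2] << 8) | nums[3]) >>> 0;
}

function inCidr(ip, cidr) {
  const [base, prefix] = cidr.split("/");
  const bits = Number(prefix);
  const ipInt = ipv4ToInt(ip);
  const baseInt = ipv4ToInt(base);
  if (ipInt === null || baseInt === null || !(bits >= 0 && bits <= 32)) return false;
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipInt & mask) >>> 0) === ((baseInt & mask) >>> 0);
}

// Returns zero or more findings for a single CloudTrail record.
function analyzeEvent(ev) {
  const findings = [];
  const identity = ev.userIdentity || {};
  // 1. IAM user created by a role session (e.g. a Lambda execution role behind an
  //    API Gateway). Roles that legitimately provision users are allowlisted.
  if (ev.eventSource === "iam.amazonaws.com" && ev.eventName === "CreateUser" && identity.type === "AssumedRole") {
    const issuer = identity.sessionContext?.sessionIssuer?.userName;
    if (!APPROVED_USER_PROVISIONING_ROLES.has(issuer)) {
      findings.push({ code: "IAM_USER_CREATED_BY_ROLE_SESSION", role: issuer, newUser: ev.requestParameters?.userName });
    }
  }
  // 2. Console login from an address outside the known egress ranges.
  if (ev.eventName === "ConsoleLogin" && !ALLOWED_CONSOLE_CIDRS.some((c) => inCidr(ev.sourceIPAddress, c))) {
    findings.push({ code: "CONSOLE_LOGIN_FROM_UNKNOWN_IP", ip: ev.sourceIPAddress });
  }
  // 3. Trusted access for an organization-level service switched off, which
  //    blinds security tooling that is delegated at the organization level.
  if (ev.eventSource === "organizations.amazonaws.com" && ev.eventName === "DisableAWSServiceAccess") {
    findings.push({ code: "ORG_TRUSTED_ACCESS_DISABLED", service: ev.requestParameters?.servicePrincipal });
  }
  return findings.map((f) => ({ eventTime: ev.eventTime, ...f }));
}

function analyzeTrail(events) {
  return events.flatMap(analyzeEvent);
}

// Constructed sample records (not real CloudTrail output).
const SAMPLE_EVENTS = [
  { eventTime: "2025-05-02T10:00:00Z", eventSource: "iam.amazonaws.com", eventName: "CreateUser",
    sourceIPAddress: "198.51.100.23",
    userIdentity: { type: "AssumedRole", sessionContext: { sessionIssuer: { userName: "persist-fn-role" } } },
    requestParameters: { userName: "svc-backup-2" } },
  { eventTime: "2025-05-02T10:05:00Z", eventSource: "signin.amazonaws.com", eventName: "ConsoleLogin",
    sourceIPAddress: "198.51.100.7", userIdentity: { type: "IAMUser", userName: "svc-backup-2" } },
  { eventTime: "2025-05-02T10:09:00Z", eventSource: "organizations.amazonaws.com", eventName: "DisableAWSServiceAccess",
    sourceIPAddress: "198.51.100.7", userIdentity: { type: "IAMUser", userName: "svc-backup-2" },
    requestParameters: { servicePrincipal: "guardduty.amazonaws.com" } },
  { eventTime: "2025-05-02T11:00:00Z", eventSource: "iam.amazonaws.com", eventName: "CreateUser",
    sourceIPAddress: "203.0.113.10",
    userIdentity: { type: "AssumedRole", sessionContext: { sessionIssuer: { userName: "iam-provisioner" } } },
    requestParameters: { userName: "new-hire" } },
  { eventTime: "2025-05-02T11:01:00Z", eventSource: "signin.amazonaws.com", eventName: "ConsoleLogin",
    sourceIPAddress: "203.0.113.10", userIdentity: { type: "IAMUser", userName: "alice" } },
];

console.log(analyzeTrail(SAMPLE_EVENTS));
```

In production the allowlists come from inventory data and the events from a CloudTrail Lake query or S3 export; the three rules are the part worth keeping.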

EKS vs GKE: A Security Comparison

Jason Umiker compares the security features of AWS Elastic Kubernetes Service (EKS) and Google Kubernetes Engine (GKE), highlighting differences in identity and access management, network firewalling, configuration and posture management, vulnerability scanning, and runtime threat detection. EKS integrates with AWS IAM and relies on security groups and external tools like AWS Config and GuardDuty, offering flexibility but requiring more manual setup. GKE, especially in its Enterprise tier, provides more out-of-the-box security features, including integrated IAM, advanced network policies, posture management tools, image scanning, and runtime threat detection via Google’s Security Command Center.  https://jason-umiker.medium.com/eks-vs-gke-security-a9f353cbe96c

Understanding the Threat Landscape for Kubernetes and Containerized Assets

Microsoft Threat Intelligence highlights the evolving security challenges in Kubernetes and containerized environments, emphasizing that the dynamic nature of containers complicates anomaly detection and incident response. A significant concern is the misuse of inactive workload identities, with 51% remaining unused, presenting potential attack vectors. To systematically address these threats, Microsoft has updated its Kubernetes threat matrix and collaborated with MITRE to develop the ATT&CK® for Containers framework. Key threats include compromised accounts, vulnerable or misconfigured images, environment misconfigurations, application-level attacks, and node-level breaches. A notable case involved the threat actor Storm-1977 exploiting weak credentials in the education sector, deploying over 200 containers for cryptomining activities. Microsoft recommends securing the entire container lifecycle—from code and dependencies to CI/CD pipelines and runtime environments—to mitiga...

WizOS: Hardened Base Images with Near-Zero CVEs

Wiz has launched WizOS, a minimal, hardened Linux distribution designed to provide near-zero-CVE container base images, enhancing security and reducing inherited vulnerabilities in cloud-native environments. Compatible with Alpine but built with glibc for broader support, WizOS compiles every component from source with signing and provenance, ensuring reproducibility and integrity. The shift to WizOS internally has significantly reduced high and critical CVEs in base images, improving scan results and minimizing false positives. Currently in private preview for Wiz customers, WizOS offers a secure foundation for building and deploying applications.  https://www.wiz.io/blog/introducing-wizos-hardened-near-zero-cve-base-images

Agentic Radar: Security Analysis Tool for LLM Agent Workflows

Agentic Radar is an open-source tool developed by SplxAI for analyzing and securing agentic workflows built with large language models. It visualizes system workflows, identifies external and custom tools, detects MCP servers, and maps tools to known vulnerabilities. Supporting frameworks like OpenAI Agents, CrewAI, LangGraph, and n8n, it offers features such as Agentic Prompt Hardening and runtime vulnerability testing for issues like prompt injection and PII leakage, making it a valuable resource for securing LLM-based autonomous systems.  https://github.com/splx-ai/agentic-radar

Curated List of Open-Source LLM Security Scanners

The GitHub repository psiinon/open-source-llm-scanners offers a curated list of open-source tools designed to identify and mitigate security vulnerabilities in Large Language Model (LLM) applications. Maintained by Simon Bennetts, the list includes projects with at least 10 GitHub stars and is ordered by popularity. Notable tools featured include Promptfoo, Giskard, Garak, Purple Llama, PyRIT, EasyJailbreak, and LLMFuzzer, among others, each targeting areas like prompt injection, adversarial testing, and agentic security. The repository serves as a starting point for developers and researchers focused on LLM safety.  https://github.com/psiinon/open-source-llm-scanners

Beyond CVE: Pioneering a Decentralized Future for Vulnerability Intelligence

The article critiques the centralized CVE system for its inefficiencies and proposes a decentralized, blockchain-based model for vulnerability disclosure. This approach aims to improve transparency, speed, and collaboration using smart contracts and permissioned access, enabling a more responsive and trusted security ecosystem.  https://bitsofcyber.substack.com/p/beyond-cve-building-a-decentralized

Debunking the Cybersecurity Hiring Crisis: A Data-Driven Perspective

Dr. Chase Cunningham's article, "The Cybersecurity 'Hiring Crisis': Myth or Reality? A Data-Driven Perspective," published on May 5, 2025, challenges the prevailing narrative of a cybersecurity talent shortage. He argues that the true issue lies not in a lack of qualified professionals but in the industry's hiring practices, unrealistic expectations, and the underutilization of human expertise. Cunningham points to the significant venture capital investments in AI-driven cybersecurity solutions, which often replace human roles, and the stagnant wages for security engineers despite increased funding in the sector. He also highlights the prevalence of unrealistic job requirements and the gigification of cybersecurity roles, leading to burnout and underinvestment in employee development. Cunningham concludes that the so-called hiring crisis is a manufactured narrative that benefits investors and companies while sidelining skilled professionals.   https://www....

Rethinking Cybersecurity: Moving Beyond CVEs to Comprehensive Threat Exposure Management

The article "Beyond Vulnerability Management – Can You CVE What I CVE?" from The Hacker News discusses the limitations of traditional vulnerability management, particularly the reliance on Common Vulnerabilities and Exposures (CVEs). It highlights that CVEs often fail to capture the full scope of security issues, such as misconfigurations and runtime vulnerabilities, leading to an incomplete understanding of an organization's security posture. The piece advocates for a more comprehensive approach, emphasizing the need for continuous threat exposure management (CTEM) that goes beyond CVEs to address the dynamic and evolving nature of cyber threats. https://thehackernews.com/2025/05/beyond-vulnerability-management-cves.html

Privacy for Agentic AI: Navigating Trust and Autonomy in AI Systems

In his May 2025 blog post, Bruce Schneier delves into the emerging concept of agentic AI—autonomous systems acting on our behalf—and the critical privacy considerations they entail. He highlights the necessity for these AI systems to access personal data to function effectively, drawing parallels to the trust we place in services like email providers or smartphones. Schneier emphasizes the importance of building trust through integrity and transparency, advocating for decentralized data models and open standards to prevent monopolization. He also discusses his involvement with Inrupt, a company commercializing Tim Berners-Lee’s open protocol for distributed data ownership, and their development of an "agentic wallet" that combines personal and transactional data to facilitate AI-driven decisions. Schneier's insights underscore the need for careful consideration of privacy and trust as AI systems become more autonomous in their interactions with personal data. https:/...

Deepfakes Now Outsmarting Detection by Mimicking Heartbeats

Recent research indicates that advanced deepfakes are now capable of replicating subtle physiological signals, such as heartbeats, making them more challenging to detect. These deepfakes unintentionally retain heartbeat patterns from their source videos, which can be detected using remote photoplethysmography (rPPG) technology. While this phenomenon complicates detection efforts, researchers are exploring methods to identify these residual biological signals to distinguish real from synthetic media. https://studyfinds.org/deepfakes-outsmarting-detection-heartbeats/

Agentic AI: Pioneering New Cybersecurity Career Paths

The article "Agentic AI: the Start of a New Cybersecurity Career Path" by Brandy Harris, published on May 7, 2025, in GovInfoSecurity, explores the emergence of new roles in cybersecurity driven by the integration of agentic AI technologies. These roles include AI-Augmented Cybersecurity Analyst, Security Agent Designer, AI Threat Hunter/Adversarial Analyst, Autonomous SOC Architect, and Governance and AI Ethics Lead, each focusing on different aspects of AI implementation and security within organizations. The piece emphasizes the necessity for professionals to acquire skills such as prompt engineering, agent orchestration, AI risk modeling, and human-AI collaboration strategies to thrive in these evolving positions. Harris highlights the importance of adapting to these changes to ensure a secure and resilient cybersecurity workforce in the age of AI.  https://www.govinfosecurity.com/blogs/agentic-ai-start-new-cybersecurity-career-path-p-3868

AWS Integrates ISO/IEC 42001:2023 for Comprehensive AI Lifecycle Risk Management

AWS has aligned its AI governance practices with ISO/IEC 42001:2023, the international standard for AI management systems, to enhance responsible AI development across the entire lifecycle. This integration emphasizes the importance of embedding structured risk management, threat modeling, and accountability into AI systems from inception through deployment and monitoring. AWS leverages tools like Amazon SageMaker Model Cards, SageMaker Clarify, and Bedrock Guardrails to support transparency, fairness, and explainability in AI models. By adopting this framework, organizations can proactively address potential risks and ensure compliance with global standards for ethical AI practices. https://aws.amazon.com/blogs/security/ai-lifecycle-risk-management-iso-iec-420012023-for-ai-governance/

Zero Trust, Zero Bugs: Leveraging AI to Build Unbreakable Software Systems

In the article "Zero Trust, Zero Bugs? The AI Blueprint for Building Unbreakable Software Systems" by Gopinath Kathiressan, published on May 13, 2025, on HackerNoon, the author explores how integrating Zero Trust principles and artificial intelligence can enhance software development security. Kathiressan argues that traditional reliance on trust within development teams can lead to vulnerabilities, as even internally developed code can harbor flaws. By adopting a mindset where no code is trusted by default and employing AI to continuously verify and validate each line of code, organizations can proactively identify and mitigate potential security risks. This approach aims to shift from reactive to proactive security measures, ensuring more robust and secure software systems. https://hackernoon.com/zero-trust-zero-bugs-the-ai-blueprint-for-building-unbreakable-software-systems

Embracing Continuous Controls for Enhanced Application Security in Modern Enterprises

The article "The Future of Application Security: Why Continuous Controls Matter" from ERP Today discusses the limitations of traditional static access controls in modern, interconnected enterprise environments. It emphasizes the necessity for continuous access monitoring and real-time risk assessment to effectively manage user privileges and mitigate potential security threats. The piece highlights the importance of implementing solutions that support just-in-time access and automated enforcement of least privilege principles to enhance security and compliance. By adopting continuous controls, organizations can maintain operational agility while safeguarding critical systems and data.   https://erp.today/the-future-of-application-security-why-continuous-controls-matter/

Cybeats Integrates AI into SBOM Studio to Strengthen Software Supply Chain Security

Cybeats has introduced an AI-powered enhancement to its SBOM Studio platform, aiming to bolster software supply chain security. This new feature automates the analysis of Software Bills of Materials (SBOMs), enabling organizations to detect vulnerabilities and compliance issues more efficiently. By leveraging artificial intelligence, the platform provides real-time insights, helping businesses proactively manage risks associated with third-party software components. https://www.gurufocus.com/news/2857146/cybeats-enhances-sbom-studio-with-aipowered-feature-for-enhanced-software-supply-chain-security-cybcf-stock-news

Agentic AI and Cybersecurity Dominate RSA 2025

The RSA Conference 2025 highlighted the growing role of Agentic AI in national security, with Homeland Security Secretary Kristi Noem stressing private sector collaboration and reforms to strengthen cyber defenses. The event emphasized blending AI with human intelligence to counter evolving digital threats.  https://indicanews.com/agentic-ai-and-national-security-take-center-stage-at-rsa-conference-2025/

Red Hat Acquires Israeli AI Startup Jounce to Enhance Open-Source Cloud Offerings

IBM’s Red Hat has acquired Israeli AI startup Jounce for approximately $20 million. Founded in 2024 by alumni of Israel’s elite Unit 8200, Jounce developed a modular platform for deploying and managing complex AI systems, emphasizing flexibility, security, and cost-efficiency. The acquisition aims to integrate Jounce’s technology into Red Hat’s open-source ecosystem, enhancing its AI cloud capabilities across various industries. https://www.calcalistech.com/ctechnews/article/hk9tdhlzge

Shifting Security Left: Embedding API Protection into Developer Workflows

The article "Shifting Security Left: Embedding API Protection into Developer Workflows" from DevPro Journal emphasizes the importance of integrating API security early in the software development lifecycle. By treating API vulnerabilities as functional bugs and incorporating security measures into familiar development tools, organizations can proactively address potential threats. This approach not only enhances the security posture but also streamlines the development process by identifying and mitigating issues before they escalate. The article advocates for a cultural shift where developers are empowered with the necessary tools and knowledge to prioritize security from the outset, ensuring robust and secure API implementations. https://www.devprojournal.com/technology-trends/security/shifting-security-left-embedding-api-protection-into-developer-workflows/

Microsoft Advances Passwordless Authentication with Default Passkey Sign-Ins

Microsoft is advancing its commitment to passwordless authentication by making passkeys the default sign-in method for new accounts. This initiative aims to enhance security by reducing reliance on traditional passwords, which are susceptible to phishing attacks. Passkeys utilize cryptographic techniques to provide a more secure and user-friendly authentication experience. While this shift promises improved security, it also presents challenges, such as ensuring compatibility across devices and platforms. Microsoft's move aligns with an industry-wide effort to adopt passwordless solutions, reflecting a significant step toward more secure digital authentication practices.   https://arstechnica.com/security/2025/05/microsoft-pushes-unphishable-logins-forward-with-new-sign-in-options/

Open-Source Platform for Continuous Vulnerability Management

ProjectDiscovery is a cybersecurity company focused on continuous vulnerability management and attack surface monitoring through a community-driven, open-source approach. Its core tool, Nuclei, is a fast vulnerability scanner that uses YAML templates for real exploitation testing, reducing false positives. The company also offers a cloud platform that enhances its open-source tools with features like asset monitoring, real-time vulnerability detection, and collaborative dashboards. Its suite of tools includes Subfinder, httpx, Naabu, dnsx, and Katana, which are widely used by security professionals and red teams. Founded in 2020 and based in San Francisco, ProjectDiscovery has raised over $25 million and supports an active community of contributors and users.  https://projectdiscovery.io/

KEVIntel: Real-Time Intelligence on Exploited Vulnerabilities

KEVIntel is a dynamic platform providing up-to-date information on known exploited vulnerabilities (KEVs). It aggregates data from over 50 public sources, including CISA, and enriches each entry with metadata such as EPSS scores, online mentions, scanner inclusion, and exploitation status. The platform aims to serve as an early warning system, offering insights even before official publications. KEVIntel supports various formats like JSON, CSV, and RSS, facilitating integration into security operations. These entries include CVSS scores, exploit status, and links to proof-of-concept code, aiding organizations in prioritizing remediation efforts.   https://kevintel.com/

Automating CVE and Vulnerability Advisory Response

A recent article on The Hacker News discusses how LivePerson's security team utilized Tines, an AI-driven workflow orchestration platform, to automate the process of monitoring security advisories, enriching them with threat intelligence from CrowdStrike, and creating tickets in ServiceNow. Previously, manually handling 45 vulnerabilities required approximately 150 minutes; with automation, this time was reduced to about 60 minutes, marking a 60% improvement in efficiency. The automated workflow involves fetching advisories from sources like CISA, filtering duplicates, extracting CVEs, enriching data, and notifying the team via Slack for quick approvals, ensuring that analysts remain in control of critical decisions. This approach not only accelerates response times but also enhances collaboration and analyst morale by eliminating repetitive tasks.   https://thehackernews.com/2025/05/how-to-automate-cve-and-vulnerability.html
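The "filter duplicates, extract CVEs" stage of that workflow, written out as an added JavaScript illustration for this digest (it is not LivePerson's or Tines' code; the feed entries and CVE identifiers below are constructed placeholders):

```javascript
// Added example: deduplicate advisory feed items, extract CVE identifiers and
// build a review queue for analysts. Illustrative code, not a product's own.

// Constructed sample feed entries with placeholder CVE identifiers (not real advisories).
const SAMPLE_ADVISORIES = [
  { source: "cisa-kev", id: "a1", text: "Added CVE-2025-00001 and cve-2025-00002 to the KEV catalog." },
  { source: "vendor-rss", id: "b7", text: "Security update fixes CVE-2025-00002 in widget-server 4.2." },
  { source: "vendor-rss", id: "b7", text: "Security update fixes CVE-2025-00002 in widget-server 4.2." }, // duplicate item
  { source: "mailing-list", id: "c3", text: "No CVE assigned yet; tracking under an advisory id." },
];

// CVE identifiers are CVE-<year>-<4 or more digits>; the flag i tolerates lower case.
const CVE_PATTERN = /\bCVE-\d{4}-\d{4,}\b/gi;

// Extract the unique CVE ids in a text, normalised to upper case so that
// "cve-2025-00002" and "CVE-2025-00002" collapse into one entry.
function extractCVEs(text) {
  const found = (String(text).match(CVE_PATTERN) || []).map((s) => s.toUpperCase());
  return [...new Set(found)];
}

// Drop duplicate feed items (same source and item id) and index CVE -> sources.
function dedupeAndIndex(advisories) {
  const seen = new Set();
  const byCve = new Map();
  for (const adv of advisories) {
    const key = `${adv.source}:${adv.id}`;
    if (seen.has(key)) continue; // the feed delivered this item twice
    seen.add(key);
    for (const cve of extractCVEs(adv.text)) {
      if (!byCve.has(cve)) byCve.set(cve, new Set());
      byCve.get(cve).add(adv.source);
    }
  }
  return byCve;
}

// Review queue: CVEs mentioned by more independent sources first, then by id.
function reviewQueue(advisories) {
  return [...dedupeAndIndex(advisories).entries()]
    .map(([cve, sources]) => ({ cve, sources: [...sources].sort() }))
    .sort((a, b) => b.sources.length - a.sources.length || a.cve.localeCompare(b.cve));
}

for (const item of reviewQueue(SAMPLE_ADVISORIES)) {
  console.log(item.cve, "seen in:", item.sources.join(", "));
}
```

The enrichment and ticketing steps would consume the queue this produces; the point of the dedupe-first ordering is that analysts see each CVE once, with every source that mentioned it, rather than one ticket per feed item.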

SSRF Bypass in private-ip: Multicast Address Oversight

A vulnerability in the popular private-ip npm package has been uncovered, revealing that it fails to properly identify multicast IP addresses (224.0.0.0/4) as non-public, allowing attackers to potentially bypass SSRF protections. The package is meant to detect and block requests to private IPs, but overlooks multicast addresses like 239.255.255.250, which can be used to access internal services. This mirrors past flaws in other IP-checking tools and highlights the need for developers to implement comprehensive IP validation, rather than relying solely on hardcoded lists.  https://www.nodejs-security.com/blog/dont-be-fooled-multicast-ssrf-bypass-private-ip/
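What comprehensive IPv4 validation looks like in practice, as an added JavaScript example for this digest (it is not the private-ip package's code or its fix): the address is parsed strictly, then matched against the full set of non-public ranges, including the multicast block the package missed.

```javascript
// Added example: classify IPv4 addresses for SSRF defence, covering the
// multicast range (224.0.0.0/4) alongside the RFC 1918 and other special ranges.
// Illustrative code, not the private-ip package's implementation.

// Parse a dotted-quad IPv4 string into a 32-bit unsigned integer, or null if invalid.
// Octets with leading zeros ("010") and short forms ("127.1") are rejected, because
// different parsers interpret them differently, which is exactly what a bypass exploits.
function parseIPv4(text) {
  const parts = String(text).trim().split(".");
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    if (!/^(0|[1-9][0-9]{0,2})$/.test(part)) return null;
    const octet = Number(part);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value >>> 0;
}

// Non-public IPv4 ranges (RFC 6890 special-purpose registry plus multicast and reserved).
const NON_PUBLIC_RANGES = [
  ["0.0.0.0/8", "this network"],
  ["10.0.0.0/8", "private (RFC 1918)"],
  ["100.64.0.0/10", "shared address space (CGNAT)"],
  ["127.0.0.0/8", "loopback"],
  ["169.254.0.0/16", "link-local"],
  ["172.16.0.0/12", "private (RFC 1918)"],
  ["192.0.0.0/24", "IETF protocol assignments"],
  ["192.0.2.0/24", "documentation (TEST-NET-1)"],
  ["192.168.0.0/16", "private (RFC 1918)"],
  ["198.18.0.0/15", "benchmarking"],
  ["198.51.100.0/24", "documentation (TEST-NET-2)"],
  ["203.0.113.0/24", "documentation (TEST-NET-3)"],
  ["224.0.0.0/4", "multicast"],
  ["240.0.0.0/4", "reserved (includes broadcast)"],
].map(([cidr, label]) => {
  const [base, bits] = cidr.split("/");
  const prefix = Number(bits);
  // Build the netmask as an unsigned 32-bit value (JS shifts are signed, hence >>> 0).
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return { cidr, label, network: (parseIPv4(base) & mask) >>> 0, mask };
});

// Return the label of the first non-public range containing the address,
// "invalid" for unparsable input, or null when the address is public.
function classifyIPv4(text) {
  const addr = parseIPv4(text);
  if (addr === null) return "invalid";
  for (const r of NON_PUBLIC_RANGES) {
    if (((addr & r.mask) >>> 0) === r.network) return r.label;
  }
  return null;
}

// Fail closed: anything invalid or non-public is treated as not safe to fetch.
function isPublicIPv4(text) {
  return classifyIPv4(text) === null;
}

for (const ip of ["239.255.255.250", "10.1.2.3", "8.8.8.8", "010.0.0.1"]) {
  console.log(ip, "->", classifyIPv4(ip) ?? "public");
}
```

The range table is deliberately complete rather than a short list of "private" prefixes, and unparsable input is refused rather than passed through. In an SSRF guard this check belongs on every address a hostname resolves to, and must run again on each redirect target, since a single check on the user-supplied string is the pattern that these bypasses defeat.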

AppSec Alert Overload: 95% of Fixes Fail to Reduce Real Risk

A new report from OX Security, as covered by The Hacker News, reveals that up to 98% of application security (AppSec) alerts do not require action and may even hinder organizations more than help. Analyzing over 101 million security findings across 178 organizations, the study found that out of an average of 570,000 alerts per organization, only about 202 represented true, critical issues. This deluge of low-priority alerts contributes to alert fatigue, strained developer relations, and wasted resources. Many of these alerts stem from issues with low exploitation probability, lack of known public exploits, or originate from unused or development-only dependencies. The report emphasizes the need for a shift from indiscriminate detection to evidence-driven prioritization, focusing on factors like code reachability, exploitability, business impact, and the origin of issues within the software development lifecycle. By adopting such a holistic approach, organizations can better ...

Legacy Testing Leaves Mobile Apps and Supply Chains Exposed

A recent report from Zimperium highlights a growing security risk in mobile app development: the widespread use of precompiled third-party components lacking transparency. Over 60% of top Android and iOS SDKs are shipped as binary packages without comprehensive software bills of materials (SBOMs), making it difficult to assess their security posture. Developers often test open-source versions but deploy compiled binaries for efficiency, leaving potential vulnerabilities unchecked. Traditional security tools, which focus on source code analysis, struggle to detect issues in these opaque components, especially when they handle critical functions like authentication and payments. The report emphasizes the need for deeper binary analysis and continuous vetting of third-party apps to mitigate these hidden threats. As mobile applications become integral to business operations, organizations must adopt proactive security measures to protect their software supply chains.   https://sec...

Contextualizing Security Alerts: Insights from Datadog's 2025 DevSecOps Report

Datadog's 2025 State of DevSecOps report reveals that applying runtime context to vulnerability assessments can reduce the number of critical security alerts by 82%. By considering factors such as whether a vulnerability exists in a production environment, is exposed to the internet, or is likely to be exploited, organizations can more accurately prioritize threats. The report also highlights that Java applications are particularly vulnerable, with 44% containing known-exploited vulnerabilities and taking an average of 62 days to patch, compared to 19 days for JavaScript-based npm packages. Additionally, while 80% of organizations use infrastructure-as-code (IaC) tools, 38% still perform manual deployments, leading to potential security risks. The findings underscore the importance of contextual analysis and automation in enhancing security posture and reducing alert fatigue.   https://www.itprotoday.com/devops/devsecops-reality-check-context-reduces-critical-security-alerts-by...

Why Your Digital Lock Needs an Upgrade

In recognition of World Password Day, cybersecurity experts are emphasizing the critical need to move beyond traditional password practices to safeguard digital identities. Weak or reused passwords are likened to "open doors for attackers," underscoring the importance of adopting stronger security measures. Experts advocate for the use of password managers to generate and store complex, unique passwords, and recommend enabling multi-factor authentication to add an extra layer of protection. These steps are essential in mitigating the risk of unauthorized access and enhancing overall cybersecurity posture.   https://gulfnews.com/business/is-your-password-an-open-door-to-hackers-why-your-digital-lock-needs-an-upgrade-1.500112832

Top Mobile App Threats of 2025: What Half a Million Assessments Reveal

At RSAC 2025, NowSecure co-founder Andrew Hoog presented findings from over half a million mobile app security assessments conducted between January 2022 and February 2025, revealing widespread vulnerabilities in apps from official app stores. The top five risks identified include insufficient resilience against static analysis, with nearly 75% of apps leaving debug symbols in their code, 87% having API discovery issues, and 68% exposing hardcoded URLs. Outdated and insecure encryption methods were prevalent, with over 60% of apps using weak cryptography, such as Triple DES, and practices like reusing initialization vectors and hardcoding encryption keys. Additionally, many apps incorporated untested and vulnerable third-party SDKs, posing further security risks. These findings underscore the critical need for developers to adopt robust security practices and for organizations to rigorously assess the security of mobile applications, even those sourced from trusted app stores. https://...

Enterprise Tech in the Crosshairs: 2024 Vulnerability Trends

A new report from Google’s Threat Intelligence Group shows that while the number of zero-day exploits has slightly declined—from 98 in 2023 to 75 in 2024—the focus of attackers is shifting toward enterprise technologies rather than consumer products. Threat actors are increasingly targeting security and networking software used by organizations, often exploiting vulnerabilities shortly after they are disclosed and before patches can be applied. This trend highlights the urgent need for enterprises to strengthen patch management and adopt proactive security practices.  https://www.darkreading.com/vulnerabilities-threats/vulnerability-exploitation-shifting-2024-25

When Security Creates Chaos: Avoiding the Busywork Trap in Cybersecurity

In the blog post "Cybersecurity (Anti)Patterns: Busywork Generators," the author explores how well-intentioned security initiatives can inadvertently become sources of inefficiency. Using a fictional scenario, the post illustrates how a cybersecurity specialist's deployment of a code-scanning tool leads to an overwhelming number of alerts, many of which are false positives. This results in developers being inundated with tasks, leading to decreased engagement and increased bureaucratic overhead. The core issue identified is the reliance on solutions that generate alerts without addressing the underlying causes of vulnerabilities. The author advocates for a shift from reactive measures to proactive mechanisms that integrate security seamlessly into development processes. By focusing on root causes and implementing structural changes, organizations can enhance security without overburdening their teams.  https://spaceraccoon.dev/cybersecurity-antipatterns-busywork-generator...

Building Stronger Security Programs: A Practical Guide for Cybersecurity Teams

The OrgSec Guide is a work-in-progress resource designed to help cybersecurity professionals build and manage effective security programs. Created by a security engineer, it provides structured guidance across key areas often lacking clear direction. The guide covers a broad range of topics including artificial intelligence (like AI agents and MCP servers), DevSecOps (such as container scanning, secure deployments, and secrets management), endpoint security (like EDR and phishing defenses), governance, risk, and compliance (including incident response, asset inventory, and vendor onboarding), identity access management, cloud infrastructure protection, operational security, product security practices (like threat modeling and secure coding), and Security Operations Center functions like threat detection and cyber threat intelligence.  https://luisfontes19.github.io/orgsec-guide/index.html