Mythos and the AI Vulnerability Storm: Exploring the Control Point

The Inflection Point Is Here. With Mythos, Anthropic showed that AI can find vulnerabilities in minutes that once took skilled technologists months to find. This shift is a coming storm for developers ...
Slopsquatting Attacks: How AI Phantom Dependencies Create Security Risks

TL;DR: AI coding assistants can hallucinate package names, creating phantom dependencies that don't exist in official repositories. Attackers exploit this predictable behavior through slopsquatting, which involves registering malicious packages with names that ...
Fake IP checker utilities on npm are crypto stealers

Recently identified npm packages called "node-request-ip", "request-ip-check" and "request-ip-validator" impersonate handy open source utilities relied upon by developers to retrieve an external IP address but instead target Windows, Linux and macOS users ...
Counterfeit Lodash attack leverages AnyDesk to target Windows users

npm packages recently identified by Sonatype are named similarly to the vastly popular JavaScript library lodash. These packages abuse typosquatting and carry within them a modified version of the AnyDesk utility to target ...
'Netfetcher' package drops illicit 'node' binary on Windows

Recently identified PyPI packages called "netfetcher" and "pyfetcher" impersonate open source libraries and target Windows users with malicious executables that have a zero detection rate among leading antivirus engines. Furthermore, some of ...
Understanding the OWASP Top 10 Application Vulnerabilities

The OWASP Top 10 provides a standardized catalog of the most critical security risks to web applications. Compiled by a global community of security experts, this influential document highlights the...
Are Proof-of-Concepts Benefiting Cybercriminals?   

Public proof-of-concepts (POCs) may be helping cybercriminals more than the organizations they were designed to protect. Sophos’ Active Adversary Playbook 2022 provides an in-depth analysis of cyberattacker behavior, tactics and tools from ...
Security Boulevard
Google Shares Format for Open Source Vulnerability Data

Google, in collaboration with several open source communities, today unveiled a schema for describing vulnerabilities in open source software that will make it easier for developers to track security issues that ...