F5 Extends Security Reach to Large Language Models

F5 has extended and added support for web application scanning that is capable of identifying vulnerabilities in large language models (LLMs) to its application delivery and security platform (ADSP) ...
Security Boulevard
Revived CryptoJS library is a crypto stealer in disguise

An illicit npm package called 'crypto-encrypt-ts' may appear to revive the unmaintained but vastly popular CryptoJS library, but what it actually does is peek into your crypto wallet and exfiltrate your secrets ...

NetRise Adds Tool to Analyze Application Binaries for Security Flaws

NetRise today at the 2025 RSA Conference unveiled a binary composition analysis (BCA) tool that makes it possible to identify application security weaknesses in applications that have already been deployed ...

Cybersecurity Insights with Contrast CISO David Lindner | 04/25/25

Insight No. 1 — Fast code, slow security? Think ADR Consider the scenario: Development teams are pushing code at unprecedented speeds, and vulnerabilities, whether human or AI-generated, are lingering far too long ...

Security at Arm’s Length: Why the Lag Between Detection and Action Keeps Growing

Vulnerabilities: It's not their presence but their visibility and controlled management that defines secure development ...

Last Minute Save for the CVE Program

I am very glad that the Common Vulnerabilities and Exposures (CVE) program was re-funded by the US Government, specifically CISA (Cybersecurity and Infrastructure Security Agency), but this last-minute catch has raised serious ...
What's happening with MITRE and the CVE program uncertainty

Yesterday's headlines have sent ripples through the cybersecurity and software supply chain communities: MITRE announced that U.S. government funding for the CVE (Common Vulnerabilities and Exposures) database was set to expire today ...

Navigating New Cyber-Physical System Security Regulations

Cyber-Physical Systems (CPS) are no longer the stuff of science fiction; they are woven into the fabric of our daily lives, organizations, and critical infrastructure. From smart grids managing our power to ...

The Signal Chat Leak and the NSA

US National Security Advisor Mike Waltz, who started the now-infamous group chat coordinating a US attack against the Yemen-based Houthis on March 15, is seemingly now suggesting that the secure messaging service ...