What Is Application Detection and Response (ADR)?

Application detection and response (ADR) is an emerging cybersecurity category that focuses on application visibility, protection, and remediation. ADR is a comprehensive and proactive approach to application security that incorporates automation, prioritization, ...

A Top-Ten List You Don’t Want to Be On

OX Research Maps Most Common Supply Chain Vulnerabilities to Attacker TTPs For our recent threat research report, OSC&R in the Wild: A New Look at the Most Common Software Supply Chain Exposures, ...

It is Time to Reclaim Control (and Responsibility) Over Your Application Security

In recent years, the cybersecurity industry has embraced a “shift left” approach, advocating for security considerations to be integrated earlier in the software development lifecycle. This strategy, born from a desire to ...

Context is king: what the next generation of AppSec tools is learning from SIEM

Success breeds…confusion? AppSec teams face an average of 118,000 vulnerability alerts across their software supply chain. If even 1% of those are being exploited in the wild, finding – and triaging ...

Understanding the Risks of Transitive Dependencies in Software Development

Transitive dependencies are one of the biggest headaches software developers must manage. Relationships between software components are complex (to say the least) and specifically for transitive dependencies — that is, indirect relationships ...

A Playbook for Detecting the OpenSSH Vulnerability – CVE-2024-6387 – regreSSHion

The Qualys Threat Research Unit has discovered a new “high” severity signal handler race condition vulnerability in OpenSSH’s server software (sshd). According to the research, this vulnerability has the potential to allow ...

Third-Party Trust Issues: AppSec Learns from Polyfill

By now, you’ve likely seen the LinkedIn posts, the media stories, and even some formerly-known-as “Tweets”: The latest exploit to hit front pages is the malicious use of polyfill.io, a popular library ...

Managing Transitive Vulnerabilities

Transitive vulnerabilities are developers’ most hated type of security issue, and for good reason. It’s complicated enough to monitor for and fix direct vulnerabilities throughout the software development lifecycle (SDLC). When software ...

From Risk to Resolution: OX Security’s Integrations with KEV and EPSS Drive Smarter Vulnerability Prioritization

In June 2023, a critical vulnerability (CVE-2023-34362) in the MOVEit Transfer file transfer software was exploited by adversaries, resulting in a series of high-profile data breaches. Despite the availability of patches, and ...

Proactive Application Security: Learning from the Recent GitHub Extortion Campaigns

A new threat actor group known as Gitloker has launched an alarming campaign that wipes victims’ GitHub repositories and attempts to extort them. Victims are finding their repositories erased, replaced only by ...