Dispatches from the AppSec Frontlines
By signing up I confirm I have read Cycode's Privacy Policy and agree to receive newsletters and updates from Cycode's blog
-
December 1, 2022 11 min read
CI-Story: How We Found Critical Vulnerabilities in StoryBook Project
Cycode found several vulnerabilities in its GitHub Actions development pipeline that may have allowed any user on the internet to run arbitrary code ...
-
November 18, 2022 13 min read
Doing More With Less: How to Improve AppSec Programs When
Software supply chain attacks are growing. Gartner reports that by 2025, 45% of organizations worldwide will...
-
November 10, 2022 14 min read
Shifting Security Left with the Cycode
Security doesn’t begin with developers, but they are often affected by security. In my career as a developer, I would say I...
-
November 1, 2022 7 min read
Lessons From OpenSSL’s 3.0.7 Security Patch
While OpenSSL downgraded the criticality of its 3.0.7 security patch from Critical to High (CVE-2022-3786 and CVE-2022-3602), and...
-
October 31, 2022 9 min read
The Scariest Things About
It is a time of ghouls, mischievous spirits, and David S. Pumpkins. In the spirit of Halloween, here are the top five scariest...
-
October 29, 2022 3 min read
Security Advisory: Critical OpenSSL
On Tuesday, November 1st, OpenSSL is releasing a critical patch. Given the ubiquity of OpenSSL, rapid remediation will be...
-
October 24, 2022 11 min read
Security Advisory: Text4Shell
The IconBurst attack is a software supply chain attack designed to grab data from apps and websites. This attack campaign seeks...
-
August 30, 2022 16 min read
Pipeline Composition Analysis: The Next-Generation of
Software composition analysis (SCA) is a necessary tool that detects vulnerabilities within dependencies such as open source...
-
July 11, 2022 8 min read
Security Advisory: IconBurst
The IconBurst attack is a software supply chain attack designed to grab data from apps and websites. This attack campaign seeks...
-
July 5, 2022 5 min read
Multi-functional Threat Coverage: How Cycode handles latest
Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source...
-
June 28, 2022 14 min read
A Strong Foundation of Governance Improves All SDLC
The innovation of DevOps toolchains has delivered increased efficiency for engineering teams. At the same time, these innovations...
-
June 28, 2022 28 min read
All Roads Lead to Build Secrets – Or How Your Build
Every software manufacturer nowadays implements robust DevOps processes to increase its ability to deliver applications and...
-
June 16, 2022 13 min read
ISO 27001
CrateDepression is a software supply chain attack designed to target GitLab CI Pipelines by impersonating legitimate Rust...
Ready to get started?
We'll connect you with a Cycode expert who can share more about the product and answer any questions you have Book a Demo