Security Advisory: IconBurst Attack

The IconBurst attack is a software supply chain attack designed to grab data from apps and websites. This attack campaign seeks to install malicious NPM modules that harvest sensitive data from forms embedded in mobile applications and websites…

All Roads Lead to Build Secrets – Or How Your Build System Could Expose The Production Environment

Every software manufacturer nowadays implements robust DevOps processes to increase its ability to deliver applications and services at high velocity. These processes usually include testing, building, packaging, deploying, and additional autonomous procedures. This article will demonstrate that the race to embrace CI/CD capabilities has introduced subtle new risks. An especially significant risk that most organizations …

5 Reasons Why Achieving Compliance in the SDLC Is Challenging for AppSec Teams

Compliance isn’t a sexy topic, but it’s often mission-critical for organizations because failure to achieve compliance can have huge repercussions. Whether it be fines, reputational damage, loss of ability to transact business, or something else—no one wants to be responsible for a missed audit. With that said, AppSec teams are finding compliance across the software …