Tag: application-security
-
Bad Bots in the Agentic Age: What the 2026 Thales Bad Bot Report Reveals
Tags: ai, api, application-security, attack, automation, banking, business, container, control, crime, cyber, cybercrime, data, defense, detection, exploit, finance, fraud, identity, infrastructure, intelligence, Internet, LLM, malicious, monitoring, resilience, risk, service, threat, tool, vulnerability
josh.pearson@t… Thu, 04/30/2026 – 07:31 The modern internet is becoming less human by the day. Bot traffic is increasing, and human traffic is shrinking. Malicious automated traffic is getting harder to spot. The Thales 2026 Bad Bot Report, now in its…
-
Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/checkmarx-confirms-lapsus-hackers-leaked-its-stolen-github-data/
-
Checkmarx Confirms Security Incident Involving GitHub Repository Exposure
Tags: application-security, ciso, cyber, cybercrime, data, data-breach, github, group, security-incident
Application security provider Checkmarx has officially confirmed a new security incident involving the exposure of its internal GitHub repository. On April 27, 2026, Udi-Yehuda Tamar, the company’s VP of Platform Engineering and Global CISO, revealed that a cybercriminal group successfully leaked Checkmarx data on the dark web. This alarming development stems from an earlier security…
-
AI is reshaping DevSecOps to bring security closer to the code
Tags: access, ai, api, application-security, attack, authentication, automation, breach, business, cloud, communications, compliance, container, control, data, data-breach, detection, exploit, governance, infrastructure, injection, least-privilege, risk, service, skills, software, sql, strategy, supply-chain, threat, tool, training, vulnerability
Explicit security requirements elevate AI benefits: While deploying AI with DevSecOps is helping to shift the emphasis on security to earlier in the development lifecycle, this requires “explicit instruction to do it right,” says Noe Ramos, vice president of AI operations at business software provider Agiloft. “AI coding assistants accelerate development meaningfully, but they optimize for…
-
Why PoP Count Isn’t the Real Measure of Application Security Performance
When evaluating cloud security platforms, one question comes up again and again: “How many Points of Presence do you have?” At first glance, the logic seems sound. More locations should mean lower latency, faster response times, and better protection. The assumption is simple: if security is delivered at the edge, then more edge locations must…
-
Claude Desktop Reportedly Adds Browser Access Bridge for Chromium Browsers
A detailed cybersecurity report published by privacy expert Alexander Hanff on April 18, 2026, reveals that Anthropic’s Claude Desktop application for macOS silently installs a Native Messaging bridge across multiple Chromium-based browsers. This unprompted installation establishes out-of-sandbox browser automation hooks that pose significant privacy and security risks, bypassing explicit user consent and standard application security…
-
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from Socket. “The affected package version appears to be @bitwarden/cli@2026.4.0, and the malicious code was published in ‘bw1.js,’ a file included in the package contents,” the application security company said. “The attack appears to have leveraged…
-
CNAPP: a buyer’s guide
Tags: access, ai, application-security, attack, authentication, cloud, container, detection, edr, encryption, framework, group, ibm, infrastructure, intelligence, kubernetes, linux, ml, monitoring, network, open-source, risk-management, saas, soar, software, supply-chain, threat, tool, vmware
Cloud security remains a tricky subject, and the tools that can guarantee it are becoming ever more complex and harder to see through, not least thanks to the industry’s unbroken love of acronyms. With CNAPP, another one now joins the list. The abbreviation stands for Cloud-Native Application Protection Platform and combines the functions of four separate cloud security tools: Cloud…
-
SnowFROC 2026: Secure Defaults, Real Trust, and a Better Layer on Top
This year’s Denver OWASP event showed why modern AppSec depends on secure defaults, stronger provenance, and security controls that appear where developers make decisions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/snowfroc-2026-secure-defaults-real-trust-and-a-better-layer-on-top/
-
From Panic to Playbook: Modernizing Zero-Day Response in AppSec
Learn how AppSec teams build a repeatable zero-day response workflow. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/from-panic-to-playbook-modernizing-zero%e2%80%91day-response-in-appsec/
-
We beat Google’s zero-knowledge proof of quantum cryptanalysis
Tags: ai, application-security, attack, best-practice, computer, computing, control, cryptography, data, exploit, google, group, Hardware, metric, programming, risk, rust, technology, tool, update, vulnerability
Two weeks ago, Google’s Quantum AI group published a zero-knowledge proof of a quantum circuit so optimized, they concluded that first-generation quantum computers will break elliptic curve cryptography keys in as little as 9 minutes. Today, Trail of Bits is publishing our own zero-knowledge proof that significantly improves Google’s on all metrics. Our result is…
-
Production-first Security: Why Runtime Intelligence Should Drive Application Security
TL;DR Traditional application security focuses on finding vulnerabilities before code ships. However, pre-production scanning identifies theoretical risks while production reveals what is actually reachable, exploitable, and under active attack. Production-first security leverages runtime intelligence to prioritize remediation, giving teams visibility into real-world attack patterns rather than hypothetical weaknesses. First seen on securityboulevard.com Jump…
-
DAST Tools: Complete Buyer’s Guide – 10 Solutions to Know in 2026
Compare the best DAST tools in 2026. Our buyer’s guide covers 10 dynamic application security testing solutions, key features, pricing & how to choose the right one. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/dast-tools-complete-buyers-guide-10-solutions-to-know-in-2026/
-
Legacy AppSec Is Out of Step with the Speed of AI
The timing is off, and it seems to be getting worse. Traditional application security pipelines were designed way back in the days when only humans wrote code… two years ago, that is. Way back then, reviews took hours or days, and post-commit scans could reasonably catch what slipped through. Well, AI coding assistants have… First…
-
Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic
Tags: ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisa, cloud, compliance, container, control, cve, cvss, cyber, cybersecurity, data, data-breach, endpoint, exploit, fedramp, finance, flaw, framework, governance, group, HIPAA, identity, injection, insurance, kev, law, linkedin, linux, LLM, macOS, network, PCI, risk, service, soc, software, strategy, technology, threat, update, vulnerability, vulnerability-management, windows, zero-day, zero-trust
With the Federal Reserve Chairman meeting with bank CEOs to discuss the security implications of Claude Mythos, you can bet that your board of directors will ask you about the impact of the AI model on your cybersecurity strategy. Here’s how to prepare. Key takeaways Anthropic announced Claude Mythos Preview, its most powerful general-purpose frontier…
-
World Quantum Day: hybrid encryption for risk minimization
The threat posed by post-quantum technology is no longer theoretical; it is already shaping today’s risk landscape. While quantum computing promises groundbreaking advances, it will at the same time undermine the cryptographic foundations that protect our digital economy. A commentary by Chris Harris, EMEA Technical Director, Data & Application Security at Thales. What has changed is the timeline. The question…
-
Why Network Monitoring Alone Misses Application Attacks
Tags: application-security, attack, defense, detection, exploit, monitoring, network, tool, vulnerability, waf
TL;DR Network security monitoring excels at traffic analysis and perimeter defense, yet research shows WAF alerts generate overwhelming noise with minimal correlation to actual exploit attempts. The gap exists because network tools operate at the packet level or network edge, while application attacks exploit vulnerabilities during code execution. Runtime application security through Application…
-
Black Duck Names Dom Glavach as CISO to Bolster Supply Chain and AI Security Push
Application security firm Black Duck has appointed Dom Glavach as its new Chief Information Security Officer, bringing in a seasoned executive with more than two decades of experience spanning enterprise security, national defence, and SaaS environments. The hire comes at a turbulent time for software security. Dependency abuse, credential misuse, and compromised build pipelines have…
-
Patch windows collapse as time-to-exploit accelerates
N-day exploitation: Rapid7 Labs validated its findings about a more febrile threat environment by producing both n-day and zero-day exploits using AI-assisted research, substantially reducing development time. In practice, n-day bugs, or the development of exploits against patched software, are a bigger problem than headline-grabbing zero-day vulnerabilities, adds Leeann Nicolo, incident response lead at Coalition, a technology…
-
AI, DevSecOps, and the Future of Application Security: The Gartner® Report
Even as organizations recognize the importance of application security, most still struggle to operationalize it at scale. That gap becomes harder to ignore as development accelerates, AI becomes embedded in workflows, and software supply chains grow more complex. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/ai-devsecops-and-the-future-of-application-security-the-gartner-report/
-
GigaOm Radar: Check Point again takes the top spot in Application Security
Tags: application-security
Check Point succeeds in uniting two often contradictory requirements: maximum security and minimal operational friction. This is what the renewed top ranking by GigaOm shows. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/gigaom-radar-check-point-setzt-sich-erneut-bei-application-security-an-die-spitze/a44502/
-
Why AI Bot Protection and Control Are Essential for Application Security
Tags: ai, api, application-security, automation, control, infrastructure, Internet, tool, vulnerability
AI-driven automation is no longer emerging. It is already integrated and accepted as internet traffic. From AI assistants and crawlers to enterprise automation tools, websites are now routinely accessed by non-human actors operating at scale. Vulnerabilities or weaknesses in your application infrastructure, including risky APIs, are no longer difficult to find, as agentic AI tools,…
-
Board-Ready Security Metrics That Actually Matter
TL;DR Board-ready security metrics translate technical capabilities into financial risk and business outcomes. Boards need visibility across three dimensions: risk exposure, incident response capability, and governance compliance. Runtime application security contributes meaningful data points to these broader metrics, helping security leaders present more complete organizational risk assessments. First seen on securityboulevard.com Jump to…
-
12 cyber industry trends revealed at RSAC 2026
Tags: access, ai, application-security, authentication, awareness, business, ciso, cloud, control, cyber, cybersecurity, data, deep-fake, defense, detection, edr, endpoint, firewall, gartner, governance, identity, infrastructure, insurance, metric, microsoft, monitoring, mssp, phishing, programming, risk, risk-management, service, siem, skills, soc, software, startup, technology, threat, tool, training
Legacy security vendors have the inside track on AI, for now: As far as AI technology consumption for cybersecurity, most CISOs I spoke with were open-minded while leaning toward their existing vendors, at least in the short term. This may buy legacy security vendors a bit, but not much time. Remember what happened in the cloud…