Steven Carlson presents 'App Security in 3D: Understanding Context, Behavior, and Intent' this July at Nebraska.Code().
https://nebraskacode.amegala.com/
#ApplicationSecurity #AppSec #DevOps #SoftwareCraftsmanship #Iowa #TechnologyConference #DevConference #Nebraska #Missouri #Kansas #ProgrammingConference #CyberSecurity #TechTrends
Fake Claude Code installer campaigns are abusing trusted developer workflows instead of exploiting software vulnerabilities.
Rhys Downing of Ontinue explains how attackers used fake documentation pages, modified install commands, PowerShell loaders, and browser compromise techniques to steal credentials and establish persistence.
“Developers are becoming a preferred target because they sit at the intersection of trust and access.”
Read more:
https://www.technadu.com/copy-paste-compromise-why-developer-workflows-need-new-guardrails/628593/
#Cybersecurity #ThreatResearch #Developers #ApplicationSecurity #Ontinue #SecureCoding
Vulnerable Code Proliferates as AI Exploits Rise in Supply Chains
The alarming truth is that 75% of organizations are knowingly shipping vulnerable code, despite the risks, with the window from disclosure to exploit shrinking dramatically from 840 days in 2018 to just under two days today. This trend is expected to accelerate, with exploits potentially available in as little as one minute by 2028.
#VulnerableCode #AiExploits #SupplyChain #ApplicationSecurity #ZeroDay
Agentic AI Turbo Boosts Mobile App Attacks
The alarming rise of mobile app attacks is no longer looming on the horizon - it's here, with a staggering 87% of monitored apps facing threats in 2026, a drastic jump from 55% in 2022, fueled by the rapid adoption of AI models. This explosive growth in attacks is a wake-up call for businesses to bolster their mobile app security.
#AgenticAi #MobileAppAttacks #EmergingThreats #ApplicationSecurity #ArtificialIntelligence
Socket Expands Supply-Chain Visibility with Secure Annex Acquisition
Socket is supercharging its supply-chain visibility with the acquisition of Secure Annex, a cutting-edge extension security startup, to give developers unprecedented control across the entire software development life cycle. This strategic move combines Socket's expertise in application dependencies with Secure Annex's…
#SupplyChain #ApplicationSecurity #SoftwareDevelopment #Acquisition #SecureAnnex
GlassWorm Malware Resurfaces Through 73 OpenVSX Extensions
Researchers at Socket have uncovered a sneaky new wave of GlassWorm malware, this time hiding in 73 OpenVSX extensions that behave like sleepers - seemingly harmless at first, but turning malicious after a stealthy update. Six of these extensions have already been activated, unleashing malware on unsuspecting developers.
#GlasswormMalware #Openvsx #MalwareOperations #EmergingThreats #ApplicationSecurity
Anthropic's Claude Desktop sparks EU consent concerns
Can a single app really reach into your other software without asking for permission? The surprising behavior of Anthropic's Claude Desktop for macOS is raising eyebrows and sparking concerns about consent under EU law.
#EuConsent #Macos #ApplicationSecurity #EmergingThreats #Gdpr
Together, these measures enhance your security posture by protecting against unauthorized access and potential vulnerabilities.
Read more 👉 https://lttr.ai/AqIiJ
Tweet Application security has never been more critical, as cyber threats loom large over every piece of software. To safeguard applications, segregation of development, testing, and production environments has emerged as a crucial strategy. This practice not only improves … Continue reading →
Steven Carlson, Alec Harrison, Sarah F. Wimberley & Eric Reichwaldt present on Dev-Ops this July at Nebraska.Code().
https://nebraskacode.amegala.com/
#DevOps #Homelabbing #Networking #Security #Automation #YAML #TechConference #Infrastructure #OpenSource #EnterpriseArchitecture #Nebraska #lincolnnebraska #ApplicationSecurity #AppSec #CICD #Microservices
Nebraska.Code
TechNadu
Analyst207
github.com/ghostwriter
LBHuston