July meetup has been published!

Joseph Davis will talk about Identity being the new perimeter. Come to learn more about passwordless authentication and good networking. Big thank you to our food sponsors DirectDefense!

RSVP at https://www.meetup.com/owaspboston/events/315358727/

#owasp #appsec #owaspboston #applicationsecurity

How a simple FIFA account could have compromised the 2026 World Cup

When it comes to major global sporting events, the collective imagination immediately turns to the stadiums, the cameras, the television control rooms and the hundreds of millions of viewers connected from every part of the world. Far less visible is the enormous digital infrastructure that allows all of this to work. And yet, according to the account given by the researcher known as BobDaHacker, a simple registration as a FIFA agent would have been enough to gain access to systems […]

https://insicurezzadigitale.com/come-un-semplice-account-fifa-avrebbe-potuto-compromettere-i-mondiali-2026/

🚨 New Vulnerability Analysis: CVE-2026-47670 🚨

In my latest technical deep dive, I break down a critical authenticated Remote Code Execution (RCE) vulnerability in DbGate (v7.1.8). Discover why relying on pseudo-sandboxing like require = null fails inherently inside Node.js environments when confronted with native, unblockable dynamic import() constructs.

👉 https://denizhalil.com/2026/06/15/cve-2026-47670-dbgate-rce-bypass/

#Cybersecurity #Infosec #NodeJS #VulnerabilityResearch #ApplicationSecurity #RCE

phpBB Fixes Decade-Old Auth Bypass Bug

A major vulnerability in phpBB has been uncovered, allowing attackers to bypass authentication and log in as any user, including administrators, with ease and no special knowledge required. This decade-old bug, exploitable in default configurations, has been patched - but only after researchers took steps to privately disclose the issue to prevent…

https://osintsights.com/phpbb-fixes-decade-old-auth-bypass-bug?utm_source=mastodon&utm_medium=social

#AuthBypass #Phpbb #VulnerabilityDisclosure #Hackerone #ApplicationSecurity

CISOs Face Pressure to Deploy Vulnerable Code

The harsh reality is that 95% of CISOs face pressure to downplay or delay reporting security issues, leading to a staggering 75% of organizations deploying vulnerable code into production environments. It's a precarious situation that demands a new approach to prioritize security without sacrificing business goals.

https://osintsights.com/cisos-face-pressure-to-deploy-vulnerable-code?utm_source=mastodon&utm_medium=social

#ApplicationSecurity #VulnerableCode #Cisos #BusinessPressure #SecureDeployment

Fast releases shouldn't mean higher risk.

Integrating security into your CI/CD pipeline helps identify vulnerabilities, misconfigurations, exposed secrets, and insecure dependencies before they reach production.

🔒 Secure every release with DevSecOps.

https://www.vaptsecurity.com/devsecops-ci-cd-security-integration/

#DevSecOps #CICD #ApplicationSecurity #CloudSecurity #CyberSecurity #VAPT #DevSecOpsUAE

AI Coding Tools Require Embedded Security to Counter Emerging Risks

Security can't keep pace with AI coding tools unless it's embedded from the start - after all, with hundreds of daily code changes, it can't be a bolt-on activity that happens after the fact. It needs to be a fundamental part of the creation process itself.

https://osintsights.com/ai-coding-tools-require-embedded-security-to-counter-emerging-risks?utm_source=mastodon&utm_medium=social

#AiCodingTools #ApplicationSecurity #EmergingThreats #Devsecops #ArtificialIntelligence

Fake Claude Code installer campaigns are abusing trusted developer workflows instead of exploiting software vulnerabilities.
Rhys Downing of Ontinue explains how attackers used fake documentation pages, modified install commands, PowerShell loaders, and browser compromise techniques to steal credentials and establish persistence.

“Developers are becoming a preferred target because they sit at the intersection of trust and access.”

Read more:
https://www.technadu.com/copy-paste-compromise-why-developer-workflows-need-new-guardrails/628593/

#Cybersecurity #ThreatResearch #Developers #ApplicationSecurity #Ontinue #SecureCoding

Vulnerable Code Proliferates as AI Exploits Rise in Supply Chains

The alarming truth is that 75% of organizations are knowingly shipping vulnerable code, despite the risks, with the window from disclosure to exploit shrinking dramatically from 840 days in 2018 to just under two days today. This trend is expected to accelerate, with exploits potentially available in as little as one minute by 2028.

https://osintsights.com/vulnerable-code-proliferates-as-ai-exploits-rise-in-supply-chains?utm_source=mastodon&utm_medium=social

#VulnerableCode #AiExploits #SupplyChain #ApplicationSecurity #ZeroDay
