Lukasz Olejnik (@lukOlejnik)

The post asks whether Claude can solve the problem of application security, suggesting that generative AI could be used to detect or respond to security vulnerabilities.

https://x.com/lukOlejnik/status/2050191628690735428

#claude #anthropic #applicationsecurity #cybersecurity #generativeai

Lukasz Olejnik (@lukOlejnik) on X

Claude solves the problem of application security?

X (formerly Twitter)

Socket Expands Supply-Chain Visibility with Secure Annex Acquisition

Socket is supercharging its supply-chain visibility with the acquisition of Secure Annex, a cutting-edge extension security startup, to give developers unprecedented control across the entire software development life cycle. This strategic move combines Socket's expertise in application dependencies with Secure Annex's…

https://osintsights.com/socket-expands-supply-chain-visibility-with-secure-annex-acquisition?utm_source=mastodon&utm_medium=social

#SupplyChain #ApplicationSecurity #SoftwareDevelopment #Acquisition #SecureAnnex

Learn how Socket expands supply-chain visibility with Secure Annex acquisition, enhancing software development life cycle control - read the details now.

OSINTSights

GlassWorm Malware Resurfaces Through 73 OpenVSX Extensions

Researchers at Socket have uncovered a sneaky new wave of GlassWorm malware, this time hiding in 73 OpenVSX extensions that behave like sleepers - seemingly harmless at first, but turning malicious after a stealthy update. Six of these extensions have already been activated, unleashing malware on unsuspecting developers.

https://osintsights.com/glassworm-malware-resurfaces-through-73-openvsx-extensions?utm_source=mastodon&utm_medium=social

#GlasswormMalware #Openvsx #MalwareOperations #EmergingThreats #ApplicationSecurity

Discover how 73 OpenVSX extensions spread GlassWorm malware and learn how to protect yourself - read the latest threat analysis now.

OSINTSights

Anthropic's Claude Desktop sparks EU consent concerns

Can a single app really reach into your other software without asking for permission? The surprising behavior of Anthropic's Claude Desktop for macOS is raising eyebrows and sparking concerns about consent under EU law.

https://osintsights.com/anthropics-claude-desktop-sparks-eu-consent-concerns?utm_source=mastodon&utm_medium=social

#EuConsent #Macos #ApplicationSecurity #EmergingThreats #Gdpr

Anthropic's Claude Desktop raises EU consent concerns by interacting with other software without permission, learn more about the implications now.

OSINTSights

Together, these measures enhance your security posture by protecting against unauthorized access and potential vulnerabilities.

Read more 👉 https://lttr.ai/AqIiJ

#Security #Infosec #ApplicationSecurity

Leveraging Multiple Environments: Enhancing Application Security through Dev, Test, and Production Segregation

Application security has never been more critical, as cyber threats loom large over every piece of software. To safeguard applications, segregation of development, testing, and production environments has emerged as a crucial strategy. This practice not only improves …

MSI :: State of Security

🏆 Award-winning Application Security Posture Management.
Xygeni has been recognized at the #GlobalInfosecAwards for Xygeni ASPM.
https://xygeni.io/aspm-application-security-posture-management/
#ASPM #ApplicationSecurity #AppSec #DevSecOps

At @Fleet, we’re rolling out ACME-based attestation for Apple hosts, so this talk comes from real product work.

My NDC Security talk is now up:
https://www.youtube.com/watch?v=4oDBH93usyY

#ApplicationSecurity #ZeroTrust #MDM

How to Know Your Client Is Real: Hardware-Backed Authentication Patterns - Victor Lyuboslavsky

YouTube

ZAST engine has identified and verified CVE-2026-1829 in Content Visibility for Divi Builder 4.01, along with one additional verified vulnerability in the same plugin.

Project page: https://wordpress.org/plugins/content-visibility-for-divi-builder/

Project footprint: 2,000+ active installations on WordPress.org.

The critical issue is a code-execution path where user-controlled visibility expressions reach eval() through multiple application features. This is a representative example of why security teams need autonomous verification: dangerous APIs alone do not define risk. Reachability, privilege boundaries, and runtime behavior do.

ZAST.AI promotes findings into reports only after successful PoC validation, which supports a zero-false-positive operating model and helps enterprise teams prioritize remediation on verified issues.

Full report: https://blog.zast.ai/vulnerability%20research/ai%20security/Auditing-Content-Visibility-for-Divi-Builder/

@wordfence @WordPress

#ApplicationSecurity #WordPressSecurity #AppSec #VulnerabilityResearch #AIForSecurity