China-linked snoops have been exploiting Dell 0-day since mid-2024, using 'ghost NICs' to avoid detection

China-linked attackers exploited a maximum-severity hardcoded-credential bug in Dell RecoverPoint for Virtual Machines as a ...

DerScanner Launches First Software Composition Analysis (SCA) for Delphi

Bringing automated SBOM generation and third-party dependency analysis to Embarcadero RAD Studio projects. DerScanner ...
CSO Online

The new paradigm for raising up secure software engineers

The new challenge for CISOs in the age of AI developers is securing code. But what does developer security awareness even ...
InfoWorld

Open source maintainers are being targeted by AI agent as part of ‘reputation farming’

“Once contribution and reputation building can be automated, the attack surface moves from the code to the governance process around it. Projects that rely on informal trust and maintainer intuition ...
Financial IT

Endor Labs Acquires Autonomous Plane, Expanding AI-Native Application Security with Full-Stack Reachability From Code to Container

Endor Labs, the leader in AI-native application security, today announced the acquisition of Autonomous Plane, a cloud-native application security company founded by Kyle Quest, creator of DockerSlim.
Database Trends and ApplicationsOpinion

Black Duck Delivers Frictionless DevSecOp with Expanded Polaris Integrations

Black Duck, a leader in AI-powered application security, is offering a powerful set of enhanced Black Duck Polaris Platform ...

The Mobile App Security Gap Nobody Wants To Talk About

Mobile apps hide most risk behind login screens. AI-driven testing now pierces that blind spot, exposing real threats before attackers do.

What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...
Infosecurity Magazine

Chinese APT Group Exploits Dell Zero-Day for Two Years

Dell yesterday released a patch for a critical zero-day vulnerability in its RecoverPoint for Virtual Machines product, which ...
Dark Reading

260K+ Chrome Users Duped by Fake AI Browser Extensions

The Chrome Web Store has been infested with dozens of malicious browser extensions claiming to provide AI assistant functionality but that secretly are siphoning off personal information from victims.