Application Security News – SecurityWeek Cybersecurity News, Insights & Analysis
- Axios NPM Package Breached in North Korean Supply Chain Attack
by Ionut Arghire on April 1, 2026 at 8:45 amA long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions. The post Axios NPM Package Breached in North Korean Supply Chain Attack appeared first on SecurityWeek.
- TeamPCP Moves From OSS to AWS Environmentsby Ionut Arghire on March 31, 2026 at 1:53 pm
After validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities. The post TeamPCP Moves From OSS to AWS Environments appeared first on SecurityWeek.
- Huskeys Emerges From Stealth With $8 Million in Fundingby Ionut Arghire on March 30, 2026 at 12:40 pm
The startup has built an edge security management (ESM) platform, an AI engine atop the entire edge security stack. The post Huskeys Emerges From Stealth With $8 Million in Funding appeared first on SecurityWeek.
- From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPIby Ionut Arghire on March 25, 2026 at 11:55 am
The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$. The post From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI appeared first on SecurityWeek.
- Raven Emerges From Stealth With $20 Million in Fundingby Ionut Arghire on March 19, 2026 at 10:31 am
Ravenβs platform observes applications at runtime to detect anomalous behavior and prevent cyberattacks. The post Raven Emerges From Stealth With $20 Million in Funding appeared first on SecurityWeek.
- API Threats Grow in Scale as AI Expands the Blast Radiusby Kevin Townsend on February 17, 2026 at 2:00 pm
New research shows attackers increasingly abusing APIs at machine speed as AI-driven systems widen exposure and amplify impact. The post API Threats Grow in Scale as AI Expands the Blast Radius appeared first on SecurityWeek.
- Zast.AI Raises $6 Million for AI-Powered Code Securityby Ionut Arghire on February 11, 2026 at 1:29 pm
The startup relies on AI agents to identify software vulnerabilities and validate them before reporting. The post Zast.AI Raises $6 Million for AI-Powered Code Security appeared first on SecurityWeek.
- Backslash Raises $19 Million to Secure Vibe Codingby Ionut Arghire on February 10, 2026 at 2:01 pm
The company will use the investment to expand its R&D team and operations, deepen platform capabilities, and scale go-to-market presence. The post Backslash Raises $19 Million to Secure Vibe Coding appeared first on SecurityWeek.
- VS Code Configs Expose GitHub Codespaces to Attacksby Ionut Arghire on February 5, 2026 at 1:41 pm
VS Code-integrated configuration files are automatically executed in Codespaces when the user opens a repository or pull request. The post VS Code Configs Expose GitHub Codespaces to Attacks appeared first on SecurityWeek.
- Rein Security Emerges From Stealth With $8M, Bringing Inside-Out AppSec Approachby Kevin Townsend on January 28, 2026 at 1:00 pm
Rein aims to close the production visibility gap by stopping attacks inside the application runtime. The post Rein Security Emerges From Stealth With $8M, Bringing Inside-Out AppSec Approach appeared first on SecurityWeek.
