Application Security News – SecurityWeek Cybersecurity News, Insights & Analysis
- Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis by Kevin Townsend on June 2, 2026 at 4:35 pm
As AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate operational control. The post Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis appeared first on SecurityWeek.
- Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack by Ionut Arghire on May 25, 2026 at 7:40 am
Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens.
- Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention by Ionut Arghire on May 21, 2026 at 11:17 am
The company blocked over 1.1 billion accounts and $2.2 billion in potentially fraudulent transactions.
- AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop by Kevin Townsend on May 20, 2026 at 2:37 pm
Digital.ai’s latest threat report warns that agentic AI has erased the distinction between emerging and primary targets, enabling attackers to strike mobile apps within hours of release across every industry.
- Boost Security Raises $4 Million for SDLC Defense Platform by Ionut Arghire on May 7, 2026 at 2:51 pm
The company is expanding its platform’s capabilities with the acquisition of SecureIQx and Korbit.ai.
- Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking by Kevin Townsend on May 7, 2026 at 2:33 pm
Mitiga researchers say attackers can silently redirect Claude Code MCP traffic, intercept OAuth tokens, and maintain persistent access to connected SaaS platforms.
- Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable by Kevin Townsend on April 28, 2026 at 12:00 pm
Agentic AI can be expensive to use, causing further and unpredictable pressure on tight budgets.
- Axios NPM Package Breached in North Korean Supply Chain Attack by Ionut Arghire on April 1, 2026 at 8:45 am
A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions.
- TeamPCP Moves From OSS to AWS Environments by Ionut Arghire on March 31, 2026 at 1:53 pm
After validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities.
- Huskeys Emerges From Stealth With $8 Million in Funding by Ionut Arghire on March 30, 2026 at 12:40 pm
The startup has built an edge security management (ESM) platform, an AI engine atop the entire edge security stack.





