Application Security Archives – SecurityWeek Cybersecurity News, Insights & Analysis
- GitHub Boosting Security in Response to NPM Supply Chain Attacks by Ionut Arghire on September 24, 2025 at 10:17 am
GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing. The post GitHub Boosting Security in Response to NPM Supply Chain Attacks appeared first on SecurityWeek.
- Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit by Ionut Arghire on September 17, 2025 at 9:09 am
The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public.
- Highly Popular NPM Packages Poisoned in New Supply Chain Attack by Ionut Arghire on September 10, 2025 at 8:39 am
Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments.
- GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets by Eduard Kovacs on September 8, 2025 at 1:14 pm
A supply chain attack called GhostAction has enabled threat actors to steal secrets and exploit them.
- US, Allies Push for SBOMs to Bolster Cybersecurity by Ionut Arghire on September 4, 2025 at 10:37 am
SBOM adoption will drive software supply chain security, decreasing risks and costs, and improving transparency.
- CISA Requests Public Feedback on Updated SBOM Guidance by Ionut Arghire on August 25, 2025 at 10:44 am
CISA has updated the Minimum Elements for a Software Bill of Materials (SBOM) guidance and is seeking public comment.
- Watch Now: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event) by SecurityWeek News on August 16, 2025 at 1:37 pm
CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
- Now Live: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event) by SecurityWeek News on August 12, 2025 at 12:25 pm
Taking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
- CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds by SecurityWeek News on August 8, 2025 at 4:36 pm
Taking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
- Flaw in Vibe Coding Platform Base44 Exposed Private Enterprise Applications by Eduard Kovacs on July 30, 2025 at 11:16 am
Base44 owner Wix quickly patched a critical authentication bypass vulnerability discovered by researchers at Wiz.