Application Security Archives – SecurityWeek Cybersecurity News, Insights & Analysis
- Aikido Security Raises $60 Million at $1 Billion Valuation by Eduard Kovacs on January 14, 2026 at 6:01 pm
The developer security company has raised a total of more than $84 million in funding. The post Aikido Security Raises $60 Million at $1 Billion Valuation appeared first on SecurityWeek.
- Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist by Ionut Arghire on December 31, 2025 at 11:58 am
The worm exposed Trust Wallet’s Developer GitHub secrets, allowing attackers to publish a backdoor extension and steal funds from 2,520 wallets.
- MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities by Ionut Arghire on December 12, 2025 at 12:00 pm
XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to the top 25.
- React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability by Eduard Kovacs on December 4, 2025 at 10:06 am
A researcher has pointed out that only instances using a newer feature are impacted by CVE-2025-55182.
- Clover Security Raises $36 Million to Secure Software by Design by Ionut Arghire on November 26, 2025 at 2:08 pm
The cybersecurity startup embeds AI agents into widely used tools to identify design flaws and eliminate them early.
- Watch Now: Protecting What WAFs and Gateways Can’t See – Register by SecurityWeek News on November 19, 2025 at 3:27 pm
Learn why legacy approaches fail to stop modern API threats and show how dedicated API security delivers the visibility, protection, and automation needed to defend against today’s evolving risks.
- Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign by Ionut Arghire on November 14, 2025 at 10:40 am
A financially motivated threat actor automated the package publishing process in a coordinated tea.xyz token farming campaign.
- Two New Web Application Risk Categories Added to OWASP Top 10 by Ionut Arghire on November 10, 2025 at 1:21 pm
OWASP has added two new categories to the revised version of its Top 10 list of the most critical risks to web applications.
- GlassWorm Malware Returns to Open VSX, Emerges on GitHub by Ionut Arghire on November 10, 2025 at 12:46 pm
Three more VS Code extensions were infected last week and the malware has emerged in GitHub repositories as well.
- Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks by Eduard Kovacs on November 4, 2025 at 4:10 pm
Arbitrary command/code execution has been demonstrated through the exploitation of CVE-2025-11953 on Windows, macOS and Linux.







