Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The latest News and Information on Application Security including monitoring, testing, and open source.

aikido

The Return of the Invisible Threat: Hidden PUA Unicode Hits GitHub repositorties

Oct 31, 2025 By Ilyas Makari In Aikido
It wasn’t long ago that we uncovered compromised extensions on Open VSX. Now, a new wave of attacks is emerging, and all signs point to the same threat actor. The technique will sound familiar: hidden malicious code injected with invisible Unicode Private Use Area (PUA) characters. We first saw this trick back in March when npm packages used PUAs to conceal payloads. Then came Open VSX. Now, the attacker seems to have turned their sights on GitHub, and their methods are evolving.
Read Post

Same Adversary, New Terrain: Adapting an Endpoint Detection Mindset to the Cloud

Oct 30, 2025 By Datadog In Datadog
In their talk, Katie Nickels (Sr. Director of Intelligence Operations) and Jesse Griggs (Sr. Threat Researcher) from Red Canary show you how to adapt an endpoint detection mindset to the cloud, specifically focusing on pre-impact TTPs and building robust cloud detections.
View Video

Datadog Detect (October 30, 2025)

Oct 30, 2025 By Datadog In Datadog
Datadog Detect is a virtual mini-conference dedicated to helping security teams modernize detection and response by applying engineering best practices. Hear talks from industry experts, including security researchers and engineers at Datadog, Red Canary, and Corelight to learn about building scalable, effective security operations.
View Video

The Goldilocks Approach: Finding Detections That Are Just Right

Oct 30, 2025 By Datadog In Datadog
In this talk, Megan Roddie-Fonseca, Sr. Security Engineer at Datadog, addresses the challenge of finding "just right" detections, leveraging data classification techniques like recall and precision to balance false positives and missed attacks. Presented on October 30, 2025 for Datadog Detect.
View Video

Silence of the Daemons: Why Evasion Isn't About Location and NDR's Role in the Cloud

Oct 30, 2025 By Datadog In Datadog
In this talk, David Burkett, Cloud Security Researcher at Corelight, highlights how timeless evasion tactics create critical blind spots in cloud workloads, and illustrates the role of Network Detection and Response (NDR) as a resilient countermeasure. Presented on October 30, 2025 for Datadog Detect.
View Video
veracode

The State of Application Security in Financial Services: Managing Security Debt

Oct 29, 2025 By Natalie Tischler In Veracode
Application security in financial services is essential to maintaining trust, compliance, and operational resilience in a rapidly evolving digital landscape. Financial services organizations must balance innovation with holistic security controls, especially as the pressure to launch new digital solutions grows. The evidence is clear: challenges around “security debt,” unresolved flaws left in production for over a year, pose material risk to the sector.
Read Post
mend

Mend.io Expands AI Native AppSec to Windsurf, CoPilot, Claude Code, and Amazon Q Developer

Oct 21, 2025 By Mend.io Team In Mend
Today, Mend.io is expanding its AppSec capabilities to secure the five most popular agentic IDEs — including Windsurf, CoPilot, Claude Code, Amazon Q Developer, and Cursor — ensuring that developers can move at AI speed without compromising security.
Read Post
Snyk

Increasing Agility & Flexibility: How Mercato Solutions tackles the application security vs. flexibility conundrum with Snyk

Oct 16, 2025 By Nina McClure In Snyk
Company overview: Mercato Solutions is one of EMEAs fastest growing and most innovative low-code enterprise application providers. Champion / Spokesperson: Neil Tonkin, CTO Mercato Solutions is one of EMEAs fastest growing and most innovative low-code enterprise application providers. The company helps their global clients transform their business processes with bespoke and branded software platforms, applications, and cloud environments that help work flow more efficiently and effectively.
Read Post

Why Security Can Be Stricter: A Zero Trust Approach to AppSec with AI | Mend.io

Oct 16, 2025 By Mend In Mend
Is AI making application security easier or harder? We spoke to Amit Chita, Field CTO at Mend.io, the rise of AI agents in the Software Development Lifecycle (SDLC) presents a unique opportunity for security teams to be stricter than ever before. As developers increasingly use AI agents and integrate LLMs into applications, the attack surface is evolving in ways traditional security can't handle. The only way forward is a Zero Trust approach to your own AI models. Join Ashish Rajan and Amit Chita as they discuss the new threats introduced by AI and how to build a resilient security program for this new era.
View Video

Securing AI Applications in the Cloud: Shadow AI, RAG & Real Risks | Mend.io

Oct 16, 2025 By Mend In Mend
What does it take to secure AI-based applications in the cloud? In this episode, host Ashish Rajan sits down with Bar-el Tayouri, Head of Mend AI at Mend.io, to dive deep into the evolving world of AI security. From uncovering the hidden dangers of shadow AI to understanding the layers of an AI Bill of Materials (AIBOM), Bar-el breaks down the complexities of securing AI-driven systems. Learn about the risks of malicious models, the importance of red teaming, and how to balance innovation with security in a dynamic AI landscape. What is an AIBOM and why it matters The stages of AI adoption.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.