%term

The latest News and Information on Application Security including monitoring, testing, and open source.

Prioritize, Protect, Prove: A Roadmap for Application Security Transformation

Mar 26, 2026 By Natalie Tischler In Veracode

The pace of software flaw creation is officially outpacing remediation capacity. Right now, 82% of organizations carry security debt. Traditional security methods simply cannot keep up with modern development speeds. As engineering teams ship code faster than ever, vulnerability backlogs grow, compounding challenges and leaving organizations exposed to threats. Data from the 2026 State of Software Security Report reveals a 36% relative increase in high-risk vulnerabilities.

Read Post

Veracode

Read more about Prioritize, Protect, Prove: A Roadmap for Application Security Transformation

Understanding Malicious Packages in Modern Software Supply Chains

Mar 26, 2026 By Mend In Mend

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

View Video

Mend

Read more about Understanding Malicious Packages in Modern Software Supply Chains

BewAIre: Detecting Malicious Pull Requests at Scale with LLMs

Mar 23, 2026 By Datadog In Datadog

As AI coding assistants accelerate software development, the volume of pull requests at Datadog has grown to nearly 10,000 per week, increasing the risk that malicious changes slip through due to review fatigue. To address this, Datadog built BewAIre, an LLM-powered code review system designed to identify malicious source code changes introduced by threat actors. By reducing approval fatigue for developers while increasing friction for attackers, BewAIre guides human reviewers to the areas where judgment matters most, without slowing developer velocity.

View Video

Datadog

Read more about BewAIre: Detecting Malicious Pull Requests at Scale with LLMs

The Next Era of AppSec: Why AI-Generated Code Needs Offensive Dynamic Testing

Mar 20, 2026 By Nuno Loureiro In Snyk

My colleague Manoj Nair recently wrote about the growing gap between what AI builds and what security teams actually test. He made the case that the speed of AI-driven development has fundamentally outpaced validation, and that the response can't be to slow down, but to change what testing means. I agree with every word.

Read Post

Snyk

Read more about The Next Era of AppSec: Why AI-Generated Code Needs Offensive Dynamic Testing

Boost Security Launches Developer Endpoint Security to Secure AI-Driven Software Development at the Source

Mar 19, 2026 By Boost Security

New platform protects developer machines, coding agents, and AI-generated code before it reaches the repository.

Read Post

Read more about Boost Security Launches Developer Endpoint Security to Secure AI-Driven Software Development at the Source

Secure Your Future with a Compliance-First AppSec Posture

Mar 19, 2026 By Donna Namorato In Veracode

If you treat compliance as a final hurdle before deployment, you are already behind. For years, organizations have viewed regulatory compliance as a box to check—a necessary evil that slows down development and frustrates engineering teams. The standard approach involves scrambling before an audit, manually aggregating data from spreadsheets, and patching vulnerabilities at the last possible minute.

Read Post

Veracode

Read more about Secure Your Future with a Compliance-First AppSec Posture

fast-draft Open VSX Extension Compromised by BlokTrooper

Mar 18, 2026 By Raphael Silva In Aikido

The KhangNghiem/fast-draft extension, listed on open-vsx.org/extension/KhangNghiem/fast-draft and now sitting above 26,000 downloads, had multiple malicious releases that execute a GitHub-hosted downloader and pull a second-stage RAT and infostealer from the BlokTrooper/extension repository. The confirmed malicious releases in the version line we inspected are 0.10.89, 0.10.105, 0.10.106, and 0.10.112.

Read Post

Aikido

Read more about fast-draft Open VSX Extension Compromised by BlokTrooper

Glassworm Strikes Popular React Native Phone Number Packages

Mar 16, 2026 By Raphael Silva In Aikido

On March 16, 2026, two React Native npm packages from the AstrOOnauta were backdoored in a coordinated supply chain attack. Both releases added an identical install-time loader that fetches and executes a multi-stage Windows credential and crypto stealer, triggered by nothing more than a routine npm install. The affected packages are react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8.

Read Post

Aikido

Read more about Glassworm Strikes Popular React Native Phone Number Packages

How Security Teams Fight Back Against AI-Powered Hackers

Mar 12, 2026 By Dania Durnas In Aikido

Last month, the Mexican government was hacked. 150GB of government data was stolen, including 195 million taxpayer records. This attack exploited a couple of dozen vulnerabilities across ten institutions. In the past, this would have likely taken a skilled team months to crack. But of course, we’re living in a new age. This attack was executed by one person and their Claude Code assistant.

Read Post

Aikido

Read more about How Security Teams Fight Back Against AI-Powered Hackers

Webinar Recap: The Context Engine - Why Consolidation is the Natural Future of AppSec

Mar 11, 2026 By The JFrog Team In JFrog

As the software development lifecycle continues to evolve, the rise of AI is introducing both unprecedented productivity and unprecedented risk. In a recent webinar hosted by JFrog, Jens Eckels sat down with Forrester Senior Analyst Janet Worthington to discuss the state of application security (AppSec), the explosive growth of agentic software development, and why consolidating security tools is no longer a luxury, but a necessity.

Read Post