The latest news and information on application security, including monitoring, testing, and open source.

Top 5 Application Security Tools Your Team Needs in 2026

Cyberattacks are growing in frequency and sophistication. Data from the 2024 Verizon Data Breach Investigations Report shows that breaches exploiting application vulnerabilities have increased by 180% in the last year alone. Applications remain a primary target, yet development teams are under constant pressure to innovate and deliver faster. Using disconnected or inadequate application security tools creates security gaps, slows down development pipelines, and ultimately increases business risk.

The Breach You Didn't Expect: Your AppSec Stack

Imagine this. Your phone rings on January 2nd, and it’s your DevSecOps and AppSec groups. A major security vulnerability is exposing your business, and your teams are trying desperately to find and fix it to protect your data. You probably have scars as far back as Log4j, as well as threats from more recent incidents like npm attacks, Glassworm and others ringing in your ears. With CVEs expected to rise by tens of thousands a year, you can envision that the situation will only worsen.

Ep 23: How to bootstrap your AppSec program

On this episode of Masters of Data, Adam sits down with Zoe Hawkins and David Girvin to talk AppSec programs that don't suck. David's hot take from his 1Password and Red Canary days? AppSec is a people problem, not a tooling problem—stop being the person devs dodge at standup. We cover the essentials: build relationships first, threat model based on actual business risk (not your anxiety), and ditch the "shift left" obsession with scanning everything. Instead, start with offensive testing that finds vulnerabilities attackers can actually exploit.

SAST in the IDE is now free: Moving SAST to where development actually happens

We’re making a fundamental change to how teams use SAST. SAST in the IDE is now free. This means developers can run SAST scans directly inside their editor, with real-time feedback and project-wide visibility, using the same analysis engine and SAST rules as Aikido. Detection runs automatically as developers work, without limiting coverage at the detection layer.

We Asked AI Security Experts to Explain Their Work Using Emojis #AISecurity #AI #AppSec

Can you explain AI Security using only emojis? We challenged AI Security professionals to do just that — no words, just symbols. Their creative combos reveal how experts really think about risks, models, and protection in today’s AI-driven world. From to to , each emoji tells a story about securing the systems behind the world’s most powerful models. Subscribe for more creative takes on AppSec, AI Security, and secure development from the Mend.io team.

React & Next.js DoS Vulnerability (CVE-2025-55184): What You Need to Fix After React2Shell

If you upgraded only to address CVE-2025-55182 (React2Shell), you may still be vulnerable. CVE-2025-55184 affects adjacent RSC code paths and can allow attackers to take your app offline, even without gaining code execution. You should ensure you’re running the latest patched React and Next.js versions, including fixes for the follow-up CVE-2025-67779.

OWASP Top 10 for Agentic Applications (2026): What Developers and Security Teams Need to Know

Agentic AI is moving into production in CI/CD pipelines, internal copilots, customer support workflows, and infrastructure automation. These systems no longer just call a model. They plan, decide, delegate, and take actions on behalf of users and other systems. This creates new attack surfaces that do not map cleanly to traditional application security or even the OWASP Top 10 2025.

Beyond Speed: Why Free AppSec Testing Tools Cost You More

The expectation for fast and free solutions dominates both personal and professional environments. From streaming platforms to software tools, convenience and zero-cost access often drive decision-making. While this approach may seem efficient on the surface, it raises critical questions about the hidden costs and overlooked trade-offs.

API Security vs Application Security: What's the Difference & Best Practices 2026

Over the past few years, APIs have quietly become the front door to your most critical data and workflows, flipping security ownership on its head. Accountability and ownership of both API and application security have shifted from your central infra and network teams to product, platform, and engineering squads that ship new APIs every week, and, well, sometimes every day. This is where CISOs and CTOs feel the tug strengthening from both sides.