%term

Breaking AppSec Myths - Obfuscated Packages

Feb 4, 2026 By Guy Korolevski In JFrog

As part of the JFrog Security Research team’s ongoing work, we continuously monitor newly published packages across multiple ecosystems for malicious activity. This effort serves the broader open source community through public research disclosures, and it directly impacts the detection capabilities behind JFrog Xray and JFrog Curation. Our scanning pipeline uses a broad set of indicators to detect suspicious behavior.

Read Post

JFrog

Read more about Breaking AppSec Myths - Obfuscated Packages

Contain the SSO blast radius: Identity security beyond MFA

Feb 4, 2026 By Eric Sun In CyberArk

Over the past week, multiple research teams have documented a renewed wave of voice-led social engineering (vishing) targeting identity providers and federated access. The entry point is not through malware or a zero-day exploit. The goal is simple. Persuade a user to help complete authentication in real time, then use that trusted session to move through SaaS applications and exfiltrate data. Security leaders already know the fundamentals. Multi-factor authentication (MFA) can be socially engineered.

Read Post

CyberArk

Read more about Contain the SSO blast radius: Identity security beyond MFA

AlgoSec Horizon Platform

Feb 4, 2026 By AlgoSec In AlgoSec

Experience the power of AlgoSec Horizon— the industry's first application-centric security management platform for the hybrid network environment. Gain deep visibility, automate security changes and ensure continuous compliance in your datacenter and multi-cloud network.

View Video

AlgoSec

Read more about AlgoSec Horizon Platform

Passwordless Authentication: Where It Strengthens Security and Where It Doesn't

Feb 4, 2026 By SafeAeon Inc. In SafeAeon

Passwords are still used almost everywhere. People reuse and share their passwords without knowing the risks. Attackers take advantage of these situations. Phishing emails and malware are enough to steal a password, and this is how many security incidents start. The problem can be reduced using passwordless authentication. When passwords are removed from the login process, attackers would find it difficult to attack that device or account.

Read Post

SafeAeon

Read more about Passwordless Authentication: Where It Strengthens Security and Where It Doesn't

AppViz: Discover, visualize and secure application connectivity

Feb 4, 2026 By AlgoSec In AlgoSec

Organizations face complex challenges in managing security across hybrid environments, leading to potential vulnerabilities and compliance risks. AlgoSec offers a comprehensive solution that provides deep visibility, automates security changes, and ensures continuous compliance.

View Video

AlgoSec

Read more about AppViz: Discover, visualize and secure application connectivity

Analyzing Dead#Vax: Analyzing Multi-Stage VHD Delivery and Self-Parsing Batch Scripts to Deploy In-Memory Shellcode

Feb 4, 2026 By Akshay Gaikwad, Shikha Sangwan, Aaron Beardslee In Securonix

Securonix Threat Research has been tracking a stealthy malware campaign that uses an uncommon chain of VHD abuse, script-based execution, self-parsing batch logic, fileless PowerShell injections and ultimately dropping RAT. The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory shellcode injection into trusted Windows processes, never dropping a decrypted binary to disk.

Read Post

Securonix

Read more about Analyzing Dead#Vax: Analyzing Multi-Stage VHD Delivery and Self-Parsing Batch Scripts to Deploy In-Memory Shellcode

Is your vendor data a source of insight-or just more noise?

Feb 4, 2026 By Bitsight In BitSight

For many risk and compliance leaders, the reality of Third-Party Risk Management (TPRM) is a mountain of disorganized spreadsheets, overflowing inboxes, and endless PDFs. When an audit is seven days away or the Board asks for a risk posture update, documentation overload becomes a liability. In this video, we explore the transition from vendor chaos to risk clarity. The Challenge.

View Video

BitSight

Read more about Is your vendor data a source of insight-or just more noise?

AI Code Generation: 3 Critical Security Risks

Feb 4, 2026 By Snyk In Snyk

AI Code Generation: 3 Critical Security Risks.

View Video

Snyk

Read more about AI Code Generation: 3 Critical Security Risks

What Happens If the At-Fault Driver Was Working at the Time of the Crash?

Feb 4, 2026 By SecuritySenses In SecuritySenses

You got hurt in a crash. The other driver caused it. Then you learn that driver was on the clock for work. That one fact can change everything. It can affect who pays your medical bills. It can affect lost wages. It can affect how you rebuild your life. When a driver works, the employer may share legal responsibility. The company may have insurance with higher limits. Yet the rules are strict. You must show the driver was actually working. You must also act fast. Evidence fades. Memories shift. Companies protect themselves.

Read Post

SecuritySenses

Read more about What Happens If the At-Fault Driver Was Working at the Time of the Crash?

How Whistleblowers and Activists Protect Their Identity When Mailing

Feb 4, 2026 By SecuritySenses In SecuritySenses

When you deal with sensitive information as a whistleblower, activist, or journalist, even sending regular documents can feel risky. Sure, the letter itself can be 100% legal, nothing shady at all, just information. But the stress is still there. The problem isn't really what you're sending. rather it's the trail that leads straight back to you.

Read Post