Expert perspectives on application security, compliance, and emerging threats
GeneralScope - What This Guide Covers This guide focuses on data integrity controls for AI systems that inform business decisions. You ll find governance frameworks, implementation steps, and controls to pre
IncidentWhat Happened On March 23, 2026, malicious artifacts were published through a compromised Checkmarx GitHub repository. Seven days later, on March 30, attackers exfiltrated data from systems that had c
IncidentOn April 8, attackers compromised DAEMON Tools distribution infrastructure and replaced legitimate installers with trojanized versions. The attack continued through at least mid-April, affecting versi
IncidentBetween April 8 and May 5, 2026, Windows users who downloaded DAEMON Tools from its official website unknowingly installed malware. AVB Disc Soft s legitimate installers were compromised to deliver QU
Get weekly security insights and compliance updates delivered to your inbox.
IncidentThe Overlooked Vulnerability Threat Your Software Composition Analysis (SCA) tool flags 47 vulnerabilities in your production dependencies. You patch them, and your dashboard shows green. But here s t
DeadlinesThe CISA proposal to reduce the critical vulnerability remediation window from 14 days to 3 days isn t introducing a new issue—it s highlighting a long-standing problem in security operations. The rea
IncidentWhat Happened On January 8, 2025, researchers disclosed CVE-2026-33017 , a critical unauthenticated remote code execution vulnerability in Langflow, an open-source platform for building AI application
GeneralOrganizations often rely on automated scanning tools to detect malicious packages in their dependency chains. The belief is that if you can scan quickly and block threats within seconds, you re protec
IncidentIncident Overview Versions 2.6.2 and 2.6.3 of the lightning package on PyPI were compromised with malicious code. An attacker exploited a stored API token to publish these versions without authorizati
GeneralThe Conventional Wisdom Your team might hear that verifying AI model provenance—confirming a model s origin and training process—is essential for managing AI risk. Tools like Cisco s Model Provenance
GeneralThe Conventional Wisdom Your security team likely treats third-party plugins like procurement decisions. You download a component, run it through a static scanner, maybe have a senior engineer check t
GeneralYour developers installed 14 new VS Code extensions last week. How many did your security team review? If the answer is none, you re not alone—and that s exactly what the threat actors behind GlassWor
GeneralThe 2026 State of Open Source Report from Perforce OpenLogic reveals a critical disconnect: while 55 percent of organizations adopt open source to escape vendor lock-in, more than half that failed com
IncidentThe Challenge of AI-Driven Vulnerability Discovery On April 7, Anthropic released Claude Mythos Preview, an AI system designed to identify security vulnerabilities at scale. This tool promised to scan
IncidentOverview of the Vulnerability Unit 42 researchers have identified a vulnerability in Google Cloud Vertex AI s permission model. This flaw allows attackers with compromised credentials to escalate priv
IncidentWhat Happened On March 31, 2026, malicious versions of the axios npm package (1.14.1 and 0.30.4) were published to the npm registry using a compromised maintainer account (@jasonsaayman). The attacker
