Expert perspectives on application security, compliance, and emerging threats
StandardsThese questions started showing up in security Slack channels right after StepSecurity flagged two hijacked npm packages in the React Native ecosystem. These packages, with over 30,000 downloads per w
StandardsEndor Labs researchers have identified 88 new malicious npm packages in the latest PhantomRaven campaign—81 of which are still available for download. These packages are actively stealing credentials
StandardsOn March 20, 2026, Aikido Security detected CanisterWorm spreading across the npm ecosystem. Within hours, it had compromised more than 50 packages across multiple scopes. The attack used the Internet
StandardsScope This guide covers detection and mitigation strategies for supply chain attacks using decentralized infrastructure for command-and-control operations. You ll learn to identify compromised package
Get weekly security insights and compliance updates delivered to your inbox.
StandardsEvery npm install or pip install you run pulls code from strangers into your production systems. ENISA s Technical Advisory for Secure Use of Package Managers (March 2026) breaks dependency management
StandardsScope This guide focuses on detecting, preventing, and remediating malicious packages in PHP Composer dependency chains, specifically targeting threats from Packagist . It covers reconnaissance method
StandardsStarting September 2026, Chrome will move to a two-week release cycle with version 153. If you re managing web applications in production, you need a clear decision framework for how your team respond
StandardsThe Challenge Your platform engineering team might be managing multiple Kubernetes clusters across various environments. A common issue is policy chaos. One team adopted Kyverno as their policy engine
StandardsThese questions arise from recent experiences with contractors navigating the implications of the Cybersecurity Maturity Model Certification (CMMC) for their supplier relationships. With the Departmen
StandardsTeams often find themselves generating Software Bill of Materials (SBOMs) without knowing how to use them effectively. They might have set up SBOM tooling in their CI/CD pipeline, generating thousands
StandardsThe Challenge Security scanning tools often generate excessive noise. Your team is likely familiar with this issue. A typical enterprise application security (AppSec) program runs static application s
StandardsYour security measures are outdated for a development process that has evolved. When AI agents continuously write code—not in sprints or releases—traditional security practices like quarterly pen test
StandardsThe Challenge Anthropic s Claude Code Security identified over 500 previously unknown high-severity vulnerabilities in open-source codebases. While this might seem like a win for security teams, it pr
StandardsYour AI coding assistant just installed a malicious package. Not because it s compromised—because it made a typo. The SANDWORM_MODE campaign shows how AI tools like Claude Code and OpenClaw have becom
StandardsYour AI coding assistant just suggested a library. Your developer accepted it. Your codebase now includes a new dependency with 47 transitive dependencies, three of which have known CVEs. This happene
StandardsThe Challenge A platform engineering team managing a 15-year-old C++ codebase faced a directive from their CISO: reduce memory-safety vulnerabilities by Q3 or plan a multi-year rewrite. The system pro
