application-security

EngageLab SDK bug threatened expansive Android crypto wallet compromise

• application-security
• vulnerability-management

EngageLab SDK bug threatened expansive Android crypto wallet compromise

SC Staff April 10, 2026

Popular third-party Android software development kit EngageLab SDK has been impacted by an already addressed intent redirection...

Read More Read more about EngageLab SDK bug threatened expansive Android crypto wallet compromise

Actor tied to Raccoon targets ‘several dozen’ companies by exploiting BPOs and helpdesks

• application-security
• identity
• phishing

Actor tied to Raccoon targets ‘several dozen’ companies by exploiting BPOs and helpdesks

Steve Zurier April 9, 2026

Google says UNC6783 leverages social engineering and phishing campaigns to gain entry to the BPOs.

Read More Read more about Actor tied to Raccoon targets ‘several dozen’ companies by exploiting BPOs and helpdesks

Rethinking Linux security operations

• application-security
• devsecops
• security-operations
• soc

Rethinking Linux security operations

Dennis Zimmer April 9, 2026

Tool sprawl weakens Linux security — unified, AI-driven ops boost speed, context, and resilience.

Read More Read more about Rethinking Linux security operations

Outdated software on Macs and mobile devices poses significant security risk

• application-security
• vulnerability-management

Outdated software on Macs and mobile devices poses significant security risk

SC Staff April 8, 2026

The research highlights that nearly all assessed mobile apps (95%) contain at least one medium-severity vulnerability.

Read More Read more about Outdated software on Macs and mobile devices poses significant security risk

Why secrets detection belongs everywhere in your security workflow

• aiml
• application-security
• devsecops
• generative-ai
• identity

Why secrets detection belongs everywhere in your security workflow

Michael Weber April 8, 2026

Secrets detection must expand across workflows with validation to cut noise and stop leaks.

Read More Read more about Why secrets detection belongs everywhere in your security workflow

The Axios npm breach taught us the need for a personal zero-trust

• application-security
• devsecops
• supply-chain
• zero-trust

The Axios npm breach taught us the need for a personal zero-trust

Aaron Beardslee April 7, 2026

Security pros need to develop a mental zero-trust that trusts nothing and tests everything.

Read More Read more about The Axios npm breach taught us the need for a personal zero-trust

AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design – Idan Plotnik, Raj Mallempati – ASW #377

• ai-benefitsrisks
• application-security
• generative-ai

AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design – Idan Plotnik, Raj Mallempati – ASW #377

Mike Shema April 7, 2026

Read More Read more about AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design – Idan Plotnik, Raj Mallempati – ASW #377

MCP isn’t a protocol problem. It’s an identity crisis nobody is treating.

• ai-benefitsrisks
• aiml
• application-security

MCP isn’t a protocol problem. It’s an identity crisis nobody is treating.

Nik Kale April 6, 2026

MCP’s real risk isn’t protocol flaws — it’s missing identity, leaving AI actions untraceable.

Read More Read more about MCP isn’t a protocol problem. It’s an identity crisis nobody is treating.

SparkCat malware returns on app stores, targeting cryptocurrency users

• application-security
• malware
• threat-intelligence

SparkCat malware returns on app stores, targeting cryptocurrency users

SC Staff April 6, 2026

The malware, identified by cybersecurity firm Kaspersky, has appeared in apps on both iOS and Android platforms,...

Read More Read more about SparkCat malware returns on app stores, targeting cryptocurrency users

NoVoice Android malware steals WhatsApp data via Google Play apps

• application-security
• data-security
• malware

NoVoice Android malware steals WhatsApp data via Google Play apps

SC Staff April 2, 2026

The NoVoice operation, identified by McAfee, concealed malicious components within the com.facebook.utils package, blending them with legitimate...

Read More Read more about NoVoice Android malware steals WhatsApp data via Google Play apps