application-security

WhatsApp warns of spyware in fake iPhone app

• application-security
• Privacy
• security-operations

WhatsApp warns of spyware in fake iPhone app

SC Staff April 2, 2026

WhatsApp accused Italian spyware firm SIO of creating the fake app.

Read More Read more about WhatsApp warns of spyware in fake iPhone app

Campaign combines WhatsApp with legit cloud platforms to deliver malicious VBS files

• application-security
• devsecops
• malware
• ransomware

Campaign combines WhatsApp with legit cloud platforms to deliver malicious VBS files

Steve Zurier April 1, 2026

Attackers continue to evade defenders by using legitimate platforms like AWS and Microsoft utilities.

Read More Read more about Campaign combines WhatsApp with legit cloud platforms to deliver malicious VBS files

FBI warns Americans about data risks in foreign-developed mobile apps

• application-security
• data-security
• Privacy

FBI warns Americans about data risks in foreign-developed mobile apps

SC Staff April 1, 2026

The FBI's public service announcement details how certain mobile apps may continuously collect user data, even when...

Read More Read more about FBI warns Americans about data risks in foreign-developed mobile apps

Free Android VPNs expose users to tracking and risky servers, research finds

• application-security
• data-security
• Privacy

Free Android VPNs expose users to tracking and risky servers, research finds

SC Staff April 1, 2026

The analysis, using MobSF, focused on app permissions, third-party trackers, hardcoded network endpoints, and developer emails.

Read More Read more about Free Android VPNs expose users to tracking and risky servers, research finds

New critical Telegram zero-click issue threatens total device compromise

• application-security
• vulnerability-management

New critical Telegram zero-click issue threatens total device compromise

SC Staff March 31, 2026

Cybernews reports that Telegram for Android and Telegram Desktop for Linux have been affected by a critical...

Read More Read more about New critical Telegram zero-click issue threatens total device compromise

From cyber risk to business impact: A conversation with IBM and CyberSaint

• aiml
• application-security
• rsac
• security-operations
• soc

From cyber risk to business impact: A conversation with IBM and CyberSaint

SC Staff March 31, 2026

IBM's Mark Hughes and Fabio Campos discuss how organizations are rethinking cyber risk through automation, real-time data,...

Read More Read more about From cyber risk to business impact: A conversation with IBM and CyberSaint

Axios npm supply chain attack: Malicious updates add remote access trojan

• application-security
• devsecops
• identity
• malware
• supply-chain
• threat-intelligence

Axios npm supply chain attack: Malicious updates add remote access trojan

Laura French March 31, 2026

The axios npm package, with about 100 million weekly downloads, was compromised via a maintainer’s account.

Read More Read more about Axios npm supply chain attack: Malicious updates add remote access trojan

OpenAI fixes Codex flaw that could lead to GitHub token theft

• aiml
• application-security
• identity
• supply-chain

OpenAI fixes Codex flaw that could lead to GitHub token theft

Laura French March 31, 2026

A command injection hidden in a branch name could cause an OAuth token to be exfiltrated.

Read More Read more about OpenAI fixes Codex flaw that could lead to GitHub token theft

Developing the Skills Needed for Modern Software Development – Keith Hoodlet, Ron Rasin, Shashwat Sehgal – ASW #376

• application-security
• security-staff-acquisition-development

Developing the Skills Needed for Modern Software Development – Keith Hoodlet, Ron Rasin, Shashwat Sehgal – ASW #376

Mike Shema March 31, 2026

Read More Read more about Developing the Skills Needed for Modern Software Development – Keith Hoodlet, Ron Rasin, Shashwat Sehgal – ASW #376

Wormsign, RSAC 2026: More auto-updating supply chain attacks on the way

• application-security
• devsecops
• malware
• rsac
• supply-chain

Wormsign, RSAC 2026: More auto-updating supply chain attacks on the way

Paul Wagenseil March 28, 2026

The Shai-Hulud worms that exploited automatic updates in open-source software repositories may be only the beginning, two...

Read More Read more about Wormsign, RSAC 2026: More auto-updating supply chain attacks on the way