application-security

Trusted by default: The npm attack pattern security teams miss

• application-security
• third-party-code

Trusted by default: The npm attack pattern security teams miss

Mohit Bansal May 13, 2026

Developers are now the prime target in evolving npm supply chain attacks.

Read More Read more about Trusted by default: The npm attack pattern security teams miss

‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages

• application-security
• decentralized-identity-and-verifiable-credentials
• identity
• supply-chain

‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages

Steve Zurier May 12, 2026

Teams warn the latest Shai-Hulud wave weaponizes trusted OIDC tokens to bypass package integrity checks.

Read More Read more about ‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages

Why Basic Security Practices Still Work – Rob Allen – ASW #382

• ai-benefitsrisks
• application-security
• ransomware

Why Basic Security Practices Still Work – Rob Allen – ASW #382

Mike Shema May 12, 2026

Read More Read more about Why Basic Security Practices Still Work – Rob Allen – ASW #382

SailPoint GitHub repo hit by third-party cyberattack

• application-security
• decentralized-identity-and-verifiable-credentials
• identity
• supply-chain

SailPoint GitHub repo hit by third-party cyberattack

Steve Zurier May 11, 2026

SailPoint says GitHub repo breach exposed no customer data or production systems.

Read More Read more about SailPoint GitHub repo hit by third-party cyberattack

Smartphone users increasingly forgo paid antivirus protection

• application-security

Smartphone users increasingly forgo paid antivirus protection

SC Staff May 11, 2026

A recent survey by Cybernews indicates that only 18% of mobile phone users in America pay for...

Read More Read more about Smartphone users increasingly forgo paid antivirus protection

Google removes 28 fraudulent apps from Play Store

• application-security

Google removes 28 fraudulent apps from Play Store

SC Staff May 11, 2026

Security researchers at ESET uncovered the malicious campaign, dubbed CallPhantom, which primarily targeted users in India, indicated...

Read More Read more about Google removes 28 fraudulent apps from Play Store

What OpenClaw revealed about the agent security model

• ai-benefitsrisks
• aiml
• application-security

What OpenClaw revealed about the agent security model

Goutham Nekkalapu May 11, 2026

OpenClaw exposed how insecure agent architectures can turn AI ecosystems into attack surfaces.

Read More Read more about What OpenClaw revealed about the agent security model

Vibe coding has cybersecurity asking what AI can — and can’t — replace

• aiml
• application-security
• devsecops
• generative-ai

Vibe coding has cybersecurity asking what AI can — and can’t — replace

Laura French May 11, 2026

Cyber pros balance hype, skepticism and uncertainty as AI coding disrupts industry norms.

Read More Read more about Vibe coding has cybersecurity asking what AI can — and can’t — replace

Analysis reveals concerning features in official White House app

• application-security
• data-security

Analysis reveals concerning features in official White House app

SC Staff May 8, 2026

A security researcher known as Thereallo has found that the app can inject code into third-party websites,...

Read More Read more about Analysis reveals concerning features in official White House app

The vulnerability flood is here. Patching won’t save you.

• aiml
• application-security
• generative-ai
• security-operations
• soc
• vulnerability-management

The vulnerability flood is here. Patching won’t save you.

Ariel Parnes May 8, 2026

AI-driven vulnerability discovery is outpacing patch cycles, forcing defenders to prioritize detection.

Read More Read more about The vulnerability flood is here. Patching won’t save you.