application-security

The Human Aspect of Red Teams – Brian Fox, Tom Tovar, T. Gwyddon ‘Data’ Owen – ASW #379

• application-security

The Human Aspect of Red Teams – Brian Fox, Tom Tovar, T. Gwyddon ‘Data’ Owen – ASW #379

Mike Shema April 21, 2026

Read More Read more about The Human Aspect of Red Teams – Brian Fox, Tom Tovar, T. Gwyddon ‘Data’ Owen – ASW #379

4 new Android malware families target 800+ apps

• application-security
• malware
• security-operations

4 new Android malware families target 800+ apps

SC Staff April 17, 2026

These malware families, named RecruitRat, SaferRat, Astrinox, and Massiv, employ various tactics like phishing and smishing to...

Read More Read more about 4 new Android malware families target 800+ apps

Bot traffic makes up 49% of online activity, but 99% of bots unwanted

• aiml
• application-security
• threat-intelligence
• threat-management

Bot traffic makes up 49% of online activity, but 99% of bots unwanted

Laura French April 17, 2026

Researchers warn malicious bots may spoof trusted user agents to disguise their intent.

Read More Read more about Bot traffic makes up 49% of online activity, but 99% of bots unwanted

Cisco patches critical bugs in Webex, ISE

• application-security
• identity
• ssomfa

Cisco patches critical bugs in Webex, ISE

Steve Zurier April 16, 2026

Experts warn that the Webex bug may get the headlines, but exploited ISE bugs offer attackers the...

Read More Read more about Cisco patches critical bugs in Webex, ISE

Fake Ledger app on Mac app store scams users out of $9.5 million

• application-security
• phishing

Fake Ledger app on Mac app store scams users out of $9.5 million

SC Staff April 15, 2026

The fraudulent app, available on Apple's App Store under the publisher name "Leva Heal Limited," tricked users...

Read More Read more about Fake Ledger app on Mac app store scams users out of $9.5 million

Over 100 malicious Chrome extensions steal tokens, deploy backdoors

• application-security
• data-security

Over 100 malicious Chrome extensions steal tokens, deploy backdoors

SC Staff April 15, 2026

The threat actor published these malicious extensions under five different publisher identities, spanning various categories such as...

Read More Read more about Over 100 malicious Chrome extensions steal tokens, deploy backdoors

Black Basta-linked attacks target executives via Teams phishing

• application-security
• phishing
• ransomware
• threat-intelligence
• threat-management

Black Basta-linked attacks target executives via Teams phishing

Laura French April 15, 2026

Suspected former Black Basta affiliates impersonate help desks to deploy RMM software.

Read More Read more about Black Basta-linked attacks target executives via Teams phishing

Critical wolfSSL vulnerability allows forged certificates

• application-security
• Encryption
• patchconfiguration-management
• vulnerability-management

Critical wolfSSL vulnerability allows forged certificates

SC Staff April 14, 2026

The vulnerability, discovered by Nicholas Carlini, is a cryptographic validation flaw affecting multiple signature algorithms in wolfSSL,...

Read More Read more about Critical wolfSSL vulnerability allows forged certificates

Securing Software’s Journey with the OWASP SPVS – Cameron W., Farshad Abasi, Rohan Ravindranath, Ido Geffen – ASW #378

• application-security
• generative-ai
• supply-chain

Securing Software’s Journey with the OWASP SPVS – Cameron W., Farshad Abasi, Rohan Ravindranath, Ido Geffen – ASW #378

Mike Shema April 14, 2026

Read More Read more about Securing Software’s Journey with the OWASP SPVS – Cameron W., Farshad Abasi, Rohan Ravindranath, Ido Geffen – ASW #378

Code, control, and chaos: Rethinking security in the age of AI-driven development

• aiml
• application-security
• devsecops

Code, control, and chaos: Rethinking security in the age of AI-driven development

Paul Wagenseil April 13, 2026

Security needs to become part of the development process rather than an external impediment.

Read More Read more about Code, control, and chaos: Rethinking security in the age of AI-driven development