application-security

OpenAI’s macOS app-signing process hit by axios supply chain attack

• aiml
• application-security
• generative-ai
• supply-chain

OpenAI’s macOS app-signing process hit by axios supply chain attack

Laura French April 13, 2026

The company is revoking and rotating certificates “out of an abundance of caution.”

Read More Read more about OpenAI’s macOS app-signing process hit by axios supply chain attack

Microsoft 365 mailbox rules abused for exfiltration, persistence

• application-security

Microsoft 365 mailbox rules abused for exfiltration, persistence

Steve Zurier April 13, 2026

Attackers abuse Microsoft 365 mailbox rules to hide activity, steal data, and persist after password resets.

Read More Read more about Microsoft 365 mailbox rules abused for exfiltration, persistence

EngageLab SDK bug threatened expansive Android crypto wallet compromise

• application-security
• vulnerability-management

EngageLab SDK bug threatened expansive Android crypto wallet compromise

SC Staff April 10, 2026

Popular third-party Android software development kit EngageLab SDK has been impacted by an already addressed intent redirection...

Read More Read more about EngageLab SDK bug threatened expansive Android crypto wallet compromise

Actor tied to Raccoon targets ‘several dozen’ companies by exploiting BPOs and helpdesks

• application-security
• identity
• phishing

Actor tied to Raccoon targets ‘several dozen’ companies by exploiting BPOs and helpdesks

Steve Zurier April 9, 2026

Google says UNC6783 leverages social engineering and phishing campaigns to gain entry to the BPOs.

Read More Read more about Actor tied to Raccoon targets ‘several dozen’ companies by exploiting BPOs and helpdesks

Rethinking Linux security operations

• application-security
• devsecops
• security-operations
• soc

Rethinking Linux security operations

Dennis Zimmer April 9, 2026

Tool sprawl weakens Linux security — unified, AI-driven ops boost speed, context, and resilience.

Read More Read more about Rethinking Linux security operations

Outdated software on Macs and mobile devices poses significant security risk

• application-security
• vulnerability-management

Outdated software on Macs and mobile devices poses significant security risk

SC Staff April 8, 2026

The research highlights that nearly all assessed mobile apps (95%) contain at least one medium-severity vulnerability.

Read More Read more about Outdated software on Macs and mobile devices poses significant security risk

Why secrets detection belongs everywhere in your security workflow

• aiml
• application-security
• devsecops
• generative-ai
• identity

Why secrets detection belongs everywhere in your security workflow

Michael Weber April 8, 2026

Secrets detection must expand across workflows with validation to cut noise and stop leaks.

Read More Read more about Why secrets detection belongs everywhere in your security workflow

The Axios npm breach taught us the need for a personal zero-trust

• application-security
• devsecops
• supply-chain
• zero-trust

The Axios npm breach taught us the need for a personal zero-trust

Aaron Beardslee April 7, 2026

Security pros need to develop a mental zero-trust that trusts nothing and tests everything.

Read More Read more about The Axios npm breach taught us the need for a personal zero-trust

AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design – Idan Plotnik, Raj Mallempati – ASW #377

• ai-benefitsrisks
• application-security
• generative-ai

AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design – Idan Plotnik, Raj Mallempati – ASW #377

Mike Shema April 7, 2026

Read More Read more about AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design – Idan Plotnik, Raj Mallempati – ASW #377

MCP isn’t a protocol problem. It’s an identity crisis nobody is treating.

• ai-benefitsrisks
• aiml
• application-security

MCP isn’t a protocol problem. It’s an identity crisis nobody is treating.

Nik Kale April 6, 2026

MCP’s real risk isn’t protocol flaws — it’s missing identity, leaving AI actions untraceable.

Read More Read more about MCP isn’t a protocol problem. It’s an identity crisis nobody is treating.