devsecops

Campaign combines WhatsApp with legit cloud platforms to deliver malicious VBS files

• application-security
• devsecops
• malware
• ransomware

Campaign combines WhatsApp with legit cloud platforms to deliver malicious VBS files

Steve Zurier April 1, 2026

Attackers continue to evade defenders by using legitimate platforms like AWS and Microsoft utilities.

Read More Read more about Campaign combines WhatsApp with legit cloud platforms to deliver malicious VBS files

Axios npm supply chain attack: Malicious updates add remote access trojan

• application-security
• devsecops
• identity
• malware
• supply-chain
• threat-intelligence

Axios npm supply chain attack: Malicious updates add remote access trojan

Laura French March 31, 2026

The axios npm package, with about 100 million weekly downloads, was compromised via a maintainer’s account.

Read More Read more about Axios npm supply chain attack: Malicious updates add remote access trojan

Wormsign, RSAC 2026: More auto-updating supply chain attacks on the way

• application-security
• devsecops
• malware
• rsac
• supply-chain

Wormsign, RSAC 2026: More auto-updating supply chain attacks on the way

Paul Wagenseil March 28, 2026

The Shai-Hulud worms that exploited automatic updates in open-source software repositories may be only the beginning, two...

Read More Read more about Wormsign, RSAC 2026: More auto-updating supply chain attacks on the way

RSAC 2026: Treat AI like a ‘junior developer’ to catch coding errors

• aiml
• devsecops
• rsac
• vulnerability-management

RSAC 2026: Treat AI like a ‘junior developer’ to catch coding errors

Laura French March 27, 2026

OX Security found AI coding assistants make the same common mistakes as humans.

Read More Read more about RSAC 2026: Treat AI like a ‘junior developer’ to catch coding errors

OWASP Gen AI Security Project RSAC 2026 – Scott Clinton – RSAC26 #6

• aiml
• application-security
• devsecops

OWASP Gen AI Security Project RSAC 2026 – Scott Clinton – RSAC26 #6

Mike Shema March 26, 2026

Read More Read more about OWASP Gen AI Security Project RSAC 2026 – Scott Clinton – RSAC26 #6

Apiiro’s Idan Plotnik on how AI-driven development and the risk landscape

• aiml
• application-security
• devsecops
• rsac
• third-party-code

Apiiro’s Idan Plotnik on how AI-driven development and the risk landscape

SC Staff March 26, 2026

Idan Plotnik discusses how AI-driven development is reshaping the application risk landscape.

Read More Read more about Apiiro’s Idan Plotnik on how AI-driven development and the risk landscape