Application Security

AI/ML

How AI coding assistants could be compromised via rules file

Researchers showed how GitHub Copilot and Cursor could be manipulated with hidden Unicode.

Application security

Redlining the Smart Contract Top 10 – Shashank . – ASW #322

The crypto world is rife with smart contracts that have been outsmarted by attackers, with consequences in the millions of dollars (and more!). Shashank shares his research into scanning contracts for flaws, how the classes of contract flaws have changed in the last few years, and how optimistic we can be about the future of this space. Segment Re...

Application security

Microsoft restores VS Code theme flagged as malicious: We messed up

The theme had millions of installations before it was removed in late February.

Security Operations

New research reveals flaws in security team performance metrics

IDC's survey of 900 security leaders reveals widespread use of volume-based metrics for team performance. How do we shift from measuring activity to measuring true impact?

Application security

Android spyware ‘KoSpy’ spread by suspected North Korean APT

Malicious apps previously in the Google Play Store enabled theft of messages, files and more.

Application security

XCSSET macOS malware variant targets Xcode projects of app developers

XCSSET variant features enhanced stealth features that can lead to the exfiltration of sensitive financial information.

Identity

Who’s using what: Results from the 2025 Okta Businesses at Work report

Companies are running more security and collaboration applications, and many pay for "best-of-breed" solutions instead of saving with bundles, Okta's annual survey finds.

Businessman holding mobile phone which on the top of phone has upload and download cloud space computer.Technology and data information transfer concept.

Cloud Security

How to plan your cloud migration with security in mind

To protect your cloud-based assets, your organization must consider security and compliance when planning your cloud migration journey.

Application security

Skype Hangs Up, Android Backdoors, Jailbreak Research, Pretend AirTags, Wallbleed – ASW #321

Skype hangs up for good, over a million cheap Android devices may be backdoored, parallels between jailbreak research and XSS, impersonating AirTags, network reconnaissance via a memory disclosure vuln in the GFW, and more!

Application security

CISA’s Secure by Design Principles, Pledge, and Progress – Jack Cable – ASW #321

Just three months into 2025 and we already have several hundred CVEs for XSS and SQL injection. Appsec has known about these vulns since the late 90s. Common defenses have been known since the early 2000s. Jack Cable talks about CISA's Secure by Design principles and how they're trying to refocus businesses on addressing vuln classes and prioritizi...

Related Events

Rooting Out Overlooked Risks in the Data and AI Supply Chain: Introducing a New Approach

A More Ironclad AppSec: Forecast and Guidance Late 2024 and Early 2025

Application security: Key trends, tools and techniques

Perspectives

How OSINT awareness can mitigate social-engineering attacks

Stop treating core security features like SSO as premium luxuries

Why we need a better approach to DevSecOps

Briefs

GitHub Action supply chain attack less impactful than thought

Attacks exploiting critical PHP bug surge, report finds

Telegram CEO Pavel Durov allowed to leave France amid investigation