Hashtag

#AppSEC

Szymon presenting at a conference wearing a suit made of code

If you want to ship features faster 🚀, without piling up security debt, make sure to check out our Szymon Drosdzol's presentation at #DevWorld 🇳🇱Amsterdam!

Duck Stage 1 - Hall 3, May 7th, 17:00

agenda.devworldconference.com/DevworldConf...

#doyensec #appsec #security

Wallarm Security and DevOps teams choose Wallarm to discover all cloud-native APIs and legacy web applications running in their environment, and to detect & respond to threats against them.

The latest update for #Wallarm includes "Attacking the MCP Trust Boundary" and "Why #API Discovery Is the First Step to Securing #AI".

#cybersecurity #APISecurity #AppSec https://opsmtrs.com/453oM6P

Salt Security The leading API security company, providing the context needed to discover APIs, stop attacks, and remediate vulnerabilities to accelerate business innovation.

The latest update for #SaltSecurity includes "You're Not Watching MCPs. Anthropic's Vulnerability Shows Why You Should Be." and "Claude Mythos Changed Everything. Your #APIs Are the First Target.".

#cybersecurity #APISecurity #AppSec https://opsmtrs.com/40EBWWv

Socket Introduces Org Notifications

~Socket~
Socket launched Organization Notifications to provide batched, filterable email updates for security alerts.
-
IOCs: (None identified)
-
#AppSec #Socket #ThreatIntel

Mend Mend identifies every open source component in your software, including dependencies. It then secures you from vulnerabilities and enforces license policies throughout the software development lifecycle.

The latest update for #Mendit includes "A Poisoned Xinference Package Targets #AI Inference Servers" and "From Panic to Playbook: Modernizing Zero‑Day Response in #AppSec".

#CyberSecurity #DevOps #OpenSource #Compliance https://opsmtrs.com/3zEYo7d

GitGuardian GitGuardian is the code security platform for the DevOps generation.

The latest update for #GitGuardian includes "SnowFROC 2026: Secure Defaults, Real Trust, and a Better Layer on Top" and "Vercel April 2026 Incident: Non-Sensitive Environment Variables Need Investigation Too".

#cybersecurity #DevOps #infosec #appsec https://opsmtrs.com/3XY1xZb

LLMmap puts its finger on ML attacks A team of researchers has developed a technique that uses "fingerprinting" to identify large language models (LLMs) embedded in applicatio...

Researchers have developed a technique that uses “fingerprinting” to identify large language models embedded in applications, which can be used to accelerate attacks. jpmellojr.blogspot.com/2026/04/llmm... #AI #LLM #AppSec #LLMap

Emergency DevSec Station drop: NPM Worm in the Wild YouTube video by DevSec Station

Then using your publish token to infect every package you maintain.
youtu.be/cACKs6IQZt8
One command can protect you immediately: npm config set ignore-scripts true
Do it today, please. Tell your team. Watch the full 60 seconds.
#AppSec #SupplyChainSecurity #DevSecOps #SecureCoding #npm

The Boy That Cried Mythos: Verification is Collapsing Trust in Anthropic | flyingpenguin I’ve been getting more and more curious about the risk from Anthropic’s Claude Mythos Preview. So I pulled the system card, a whoppingly inefficient 244-page document that devotes just seven pages to…

The Boy That Cried Mythos: Verification is Collapsing Trust in Anthropic

www.flyingpenguin.com/the-boy-that... #cybersecurity #appsec #AI

260422 rootshell.online Created on Wed Apr 22 11:00:00 CST 2026 - A news, tutorials and conferences about security published on YouTube - Find the RSS Feed with latest playlists at ...

What’s trending in cybersecurity today? Find out with the latest YouTube playlist we’ve curated. 👀 www.youtube.com/playlist
#Malware #Phishing #IncidentResponse #CyberAwareness #AppSec


At OWASP Global AppSec Vienna, there will be sessions, coffee runs, vendor chats… BUT what if you left with more than swag?

Meet The Mentor ☕⚡ 25 June 2026, 10:30–11:45 CEST — speed-dating for mentors & mentees. Real convos and real connections.

#appsec #owasp #OWASPVienna26 #mentors #conference


For anyone using CodeQL, this is solid! Adding sanitizers and validators to models-as-data should make security analysis way more precise. Less noise, more signal when you're hunting for vulnerabilities. Big win for secure coding practices. #CodeQL #AppSec

260422 rootshell.online Created on Wed Apr 22 05:00:00 CST 2026 - A news, tutorials and conferences about security published on YouTube - Find the RSS Feed with latest playlists at ...

What’s trending in cybersecurity today? Find out with the latest YouTube playlist we’ve curated. 👀 www.youtube.com/playlist
#Malware #Phishing #IncidentResponse #CyberAwareness #AppSec

BaseFortify CVE report for CVE-2026-41144 showing NASA F Prime vulnerability with integer overflow and arbitrary file write details

🧠 Technical breakdown

• CWE-190: Integer Overflow
• CWE-787: Out-of-bounds write
• 32-bit addition wraps → bypass ⚠️
• No path sanitization
• Arbitrary file write → potential RCE

Hard-to-detect logic flaw 🔍

#AppSec #SecureCoding #Infosec #NASA


Early bird closes April 30, save €500 on a full-course ticket for #SecAppDev 2026. You get 5 days, 10+ speakers, 22 lectures, and 4 workshops all about #appsec in Leuven, Belgium.

One week to go on the #earlybird! secappdev.org/registration/

Prompt Injection leads to RCE and Sandbox Escape in Antigravity (Eyal Estrin) https://www.pillar.security/blog/prompt-injection-leads-to-rce-and-sandbox-escape-in-antigravity

Prompt Injection leads to RCE and Sandbox Escape in Antigravity #appsec

Socket Introduces New Reports Framework

~Socket~
Socket launched a new Reports dashboard for chart-based views of vulnerabilities, dependencies, and usage.
-
IOCs: (None identified)
-
#AppSec #Socket #ThreatIntel

Veracode Veracode’s powerful cloud-based platform, deep security expertise, and systematic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.

The latest update for #Veracode includes "#ApplicationSecurity Prioritization: How the Best Teams Fix What Matters Most" and "Seamless #DevSecOps for GitLab: Security Built Into Every Pipeline".

#cybersecurity #softwaresecurity #AppSec https://opsmtrs.com/3eO6tf7

Mend Mend identifies every open source component in your software, including dependencies. It then secures you from vulnerabilities and enforces license policies throughout the software development lifecycle.

The latest update for #Mendit includes "From Panic to Playbook: Modernizing Zero‑Day Response in #AppSec" and "Anthropic's Project Glasswing: What It Means for AppSec".

#CyberSecurity #DevOps #OpenSource #Compliance https://opsmtrs.com/3zEYo7d

Wallarm Security and DevOps teams choose Wallarm to discover all cloud-native APIs and legacy web applications running in their environment, and to detect & respond to threats against them.

The latest update for #Wallarm includes "Why #API Discovery Is the First Step to Securing AI" and "#CISO Spotlight: Dimitris Georgiou on Building Security that Serves People First".

#cybersecurity #APISecurity #AppSec https://opsmtrs.com/453oM6P

Socket for Jira Integration Released

~Socket~
Socket introduces a Jira Cloud integration for automated security alert ticketing and two-way sync.
-
IOCs: (None identified)
-
#AppSec #Jira #ThreatIntel


OWASP Ottawa would like to extend its gratitude to Rodrigo Rocha for an insightful presentation on their topic, "Threat Modeling in Practice" at our April 2026 meetup! 👏

Missed it? Catch the recording on our YouTube channel!

🎥: www.youtube.com/watch?v=TXpb...

#ottawa #cyber #owasp #appsec


Freddy Dezeure at #SecAppDev 2026. Former Head of CERT-EU. Now Deputy CISO of Europe at Microsoft. Freddy will deliver the opening keynote on security by Default, NIS2, DORA, and security controls that actually hold. More details on secappdev.org/2026/speaker... #AppSec


The biggest risk is not the unknown, but what keeps repeating.

We review the 10 most common app vulnerabilities and how to prevent them according to #OWASP

👉 https://f.mtr.cool/hjqzxwfclg

#AppSec #Ciberseguridad #Dev

Django Audit Reporter | Secudea Independent industrial cybersecurity services, training, and practical guidance for operational environments.

Released Django Audit Reporter to make Django dependency reviews easier.

It audits one or more Django projects and generates a consolidated report with optional email delivery.

Read further on secudea.be/tools/django...
Get it from: github.com/dietersar/dj...

#Django #Python #AppSec


SecAppDev is not a conference, it's a one-week intensive course in Leuven.
90-minute lectures, a small and intimate group, hand-picked faculty. Join us June 1–5, 2026 to learn all about application security secappdev.org #AppSec #SecAppDev

BaseFortify CVE report page showing CVE-2026-41329 OpenClaw sandbox bypass vulnerability with description and CVSS score

The issue lies in improper context validation.

By manipulating parameters like senderIsOwner and abusing inherited context, attackers can break out of the sandbox.

Result → unauthorized privilege escalation.

#AppSec #AIsecurity #Infosec

CVE-2026-24467: CWE-640: Weak Password Recovery Mechanism for Forgotten Password OpenAEV's password reset implementation prior to version 2.0.13 has multiple weaknesses: reset tokens never expire and are only 8-digit numeric codes. Attackers can generate many valid tokens over time and brute-force them efficiently, enab

OpenAEV-Platform (<2.0.13) has a CRITICAL flaw: non-expiring, short reset tokens allow unauthenticated account takeover — even for admins. Patch to 2.0.13 now! radar.offseq.com/threat/cve-2026-24467-cw... #OffSeq #Vulnerability #AppSec

GitGuardian GitGuardian is the code security platform for the DevOps generation.

The latest update for #GitGuardian includes "Vercel April 2026 Incident: Non-Sensitive Environment Variables Need Investigation Too" and "ATLSECCON 2026: Context, Identity, and Restraint in Modern Security".

#cybersecurity #DevOps #infosec #appsec https://opsmtrs.com/3XY1xZb

Original post on securityboulevard.com

[un]prompted 2026 – Rob T. Lee, Glenn Thorpe, Dan Hubbard & Sergej Epp – Vibe Coded (Micro-Talks) Author, Creator & Presenter: Rob T. Lee, Glenn Thorpe, Dan Hubbard & Sergej Epp Our...

#Network #Security #Security #Bloggers #Network #[un]prompted #AI […]
