Another talk announcement for BSides Luxembourg!

🧠💻 𝗧𝗔𝗟𝗞 𝗧𝗢 𝗔 𝗦𝗛𝗘𝗟𝗟: 𝗘𝗫𝗣𝗟𝗢𝗜𝗧𝗜𝗡𝗚 𝗔𝗜 𝗔𝗚𝗘𝗡𝗧𝗦 𝗜𝗡 𝗥𝗘𝗔𝗟 𝗧𝗜𝗠𝗘 – Parth Shukla ⚡

AI agents are no longer just chatbots—they can execute commands, access files, and interact with real systems. But what if an attacker […]

[Original post on infosec.exchange]

260404 rootshell.online Created on Sat Apr 4 23:00:00 CST 2026 - A news, tutorials and conferences about security published on YouTube - Find the RSS Feed with latest playlists at h...

Keep your skills sharp with the latest cyber playlist—stream now and stay informed. ⚔️ www.youtube.com/playlist
#CyberSecurity #AppSec #ThreatIntelligence #Ransomware #OnlineSafety

Up your game in auditing applications at OWASP BASC

Michael Kreuger is conducting a workshop to learn how to audit your application for SDKs in it.

Check out more at www.basconf.org

#owasp #basconf #basc2026 #appsec

Tomorrow is the last day to buy BASC tickets!

Grab yours at www.basconf.org and get access to a day full of talks, workshops and a chance to win some amazing raffle prizes.

#appsec #basc2026 #basconf #owasp

Original post on securityboulevard.com

[un]prompted 2026 – Security Guidance as a Service Author, Creator & Presenter: Shruti Datta Gupta, Product Security Engineer, Adobe & Chandrani Mukherjee, Product Security Engineer, Adob...

#Network #Security #Security #Bloggers #Network #[un]prompted […]

[Original post on securityboulevard.com]

HCLSoftware HCL-ASE-PROF-10 Exam Quiz We have designed HCLSoftware HCL AppScan Enterprise 10 Professional practice exams to help you prepare for the HCL-ASE-PROF-10 certification exam. This practice exam provides you with an opportunity t...

Preparing for HCL-ASE-PROF-10? 🔍

This quiz is a quick way to test your AppScan Enterprise 10 knowledge and get more comfortable with the exam style before test day.

▶️ forms.gle/g6b3atVRxEzA...

#HCLSoftware #AppScan #HCL_ASE_PROF_10 #ApplicationSecurity #AppSec #ITCertification

LinkedIn Is Illegally Searching Your Computer https://browsergate.eu/ https://browsergate.eu/the-evidence-pack/

LinkedIn Is Illegally Searching Your Computer #appsec

Why GitHub Developers Are Targeted by Token Giveaway Scams Groups Conversations All groups and messages Sign in     Why GitHub Developers Are Targeted by Token Giveaway Scams 0 views Eyal Estrin unread, 1:30 AM (6 minutes ago)    to https://hackread.com/github-developers-targettoken-giveaway-scams/ Eyal Estrin Author | Cloud Architect | AWS • Azure • GCP Insights Social: @eyalestrin Connect: https://linktr.ee/eyalestrin Blog: https://security-24-7.com Reply all Reply to author Forward

Why GitHub Developers Are Targeted by Token Giveaway Scams #appsec

CrewAI Vulnerabilities Expose Devices to Hacking (CVE-2026-2275)     CrewAI Vulnerabilities Expose Devices to Hacking (CVE-2026-2275) 0 views Eyal Estrin unread, 11:30 PM (6 minutes ago)    to https://www.securityweek.com/crewai-vulnerabilities-expose-devices-to-hacking/ https://kb.cert.org/vuls/id/221883 Eyal Estrin Author | Cloud Architect | AWS • Azure • GCP Insights Social: @eyalestrin Connect: https://linktr.ee/eyalestrin Blog: https://security-24-7.com Reply all Reply to author Forward

CrewAI Vulnerabilities Expose Devices to Hacking (CVE-2026-2275) #appsec

Tines The world’s best companies – from startups to the Fortune 10 – trust Tines with their mission-critical security workflows.

The latest update for #Tines includes "How Armature Systems Uses Tines to Transform Our SOC Into a Faster, Leaner, Low-Friction Machine" and "What's new in Tines: March 2026 edition".

#cybersecurity #nocodesecurity #appsec https://opsmtrs.com/3LFedhc

GitGuardian GitGuardian is the code security platform for the DevOps generation.

The latest update for #GitGuardian includes "NHI Governance Is the Outcome. GitGuardian Is How You Get There" and "Key Leaks, Vault Failures, and TEE Attacks: Highlights from RWC 2026".

#cybersecurity #DevOps #infosec #appsec https://opsmtrs.com/3XY1xZb

Veracode Veracode’s powerful cloud-based platform, deep security expertise, and systematic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.

The latest update for #Veracode includes "Mastering Software #SupplyChain Management in 2026" and "Breaking Down the Axios Supply Chain Attack".

#cybersecurity #softwaresecurity #AppSec #DevSecOps https://opsmtrs.com/3eO6tf7

Salt Security The leading API security company, providing the context needed to discover APIs, stop attacks, and remediate vulnerabilities to accelerate business innovation.

The latest update for #SaltSecurity includes "The Agentic Stack Explained: How LLMs, MCP Servers, and #APIs Work Together" and "Everyone Is Deploying #AI Agents. Almost Nobody Knows What They're Doing.".

#cybersecurity #APISecurity #AppSec https://opsmtrs.com/40EBWWv

The latest update for #Zenity includes "Identity Isn't Enough: Why #AI Agent Security Requires Runtime Context" and "The Floor Was Selling AI. The Hallways Were Asking for Help.".

#potatosecurity #lowcodesecurity #appsec https://opsmtrs.com/3GN6TxH

Learn some new skills at OWASP BASC

Tony Quadros will be conducting a hands on workshop on writing custom static analysis rules

Check out more at www.basconf.org

#appsec #basconf #basc2026 #owasp

Zenity Design and implement governance policies, identify security risks, detect emerging threats and drive automatic mitigation and response.

The latest update for #Zenity includes "Identity Isn't Enough: Why #AI Agent Security Requires Runtime Context" and "The Floor Was Selling AI. The Hallways Were Asking for Help.".

#cybersecurity #lowcodesecurity #appsec https://opsmtrs.com/3GN6TxH

Original post on securityboulevard.com

[un]prompted 2026 – The Hard Part Isn’t Building The Agent: Measuring Effectiveness Author, Creator & Presenter: Joshua Saxe, Al Security Technical Lead, Meta Our thanks to [un]prompted for...

#Network #Security #Security #Bloggers #Network […]

[Original post on securityboulevard.com]

We’re excited to welcome Deer Brook to the community floor at #BSidesMaine.

They deliver modern, tailored technology solutions across higher ed, ERP modernization, advisory, and technical services.

Learn more: https://f.mtr.cool/diweckjkpu

#InfoSec #CyberSecurity #AppSec

If you havent already grab your ticket to the only application security conference in New England. Keynote by Canada's first lady of security, talks by world's experts, upskill with intense workshops. Buy your ticket at www.basconf.org — ticket refunded at check-in! 2 days left!

#appsec #basconf

Axios supply chain attack: How AppSec teams should respond | ReversingLabs Here's an incident-response checklist and ongoing best practices. Plus: How RL’s xBOM and Spectra Assure Community can help.

The axios supply chain attack should be front an center for #AppSec teams given it's wide reach.
Here's RL's immediate-response checklist — and best practices for ongoing defense. Also learn how RL’s xBOM and Spectra Assure Community can help. 👇
www.reversinglabs.com/blog/axios-a...

GDDRHammer: Greatly Disturbing DRAM Rows — Cross-Component Rowhammer Attacks from Modern GPUs Groups Conversations All groups and messages Sign in     GDDRHammer: Greatly Disturbing DRAM Rows — Cross-Component Rowhammer Attacks from Modern GPUs 0 views Eyal Estrin unread, 7:29 AM (4 minutes ago)    to https://gddr.fail/files/gddr.pdf Eyal Estrin Author | Cloud Architect | AWS • Azure • GCP Insights Social: @eyalestrin Connect: https://linktr.ee/eyalestrin Blog: https://security-24-7.com Reply all Reply to author Forward

GDDRHammer: Greatly Disturbing DRAM Rows — Cross-Component Rowhammer Attacks from Modern GPUs #appsec

ZAP Updates - March 2026 ZAP was started nearly 9.5 million times in March, published integrations with 3 other open source projects, and released the first of many AI related features.

Blog: ZAP Updates for March:
www.zaproxy.org/blog/2026-04...
ZAP was started 9.5 MILLION times .. and we announced significant collaborations with other open source projects
#zaproxy #appsec

260402 rootshell.online Created on Thu Apr 2 23:00:01 CST 2026 - A news, tutorials and conferences about security published on YouTube - Find the RSS Feed with latest playlists at h...

From pentesting tips to cloud defense, today’s curated cyber playlist has it all. 🎥 www.youtube.com/playlist
#PenTesting #AppSec #CyberSecurity #ThreatIntelligence #IncidentResponse

Whitespots Portal and ISO 27001 Certification 📄 New article is out! 🚀 See how our clients are leveraging Whitespots Portal to sail through audits, and secure ISO 27001 certification on their first attempt.

Whitespots Portal and ISO 27001 Certification
https://whitespots.io/blog/success-story-iso-27001
#ISO27001 #vulnerabilitymanagement #AppSec

Dive into the world of SBOMs at OWASP BASC

Kelli Schwalm will speak on how to tell if your SBOM is wrong.

Check out more at www.basconf.org

#owasp #appsec #basconf #basc2026

Rapid Exploitation and Clever Malware in the Supply Chain, Last Week In AppSec (2026-04-02) - Checkmarx Two supply-chain stories mattered most this week: Langflow’s recent code-injection flaw was added to CISA’s Known Exploited Vulnerabilities catalog, and the Telnyx Python package compromise showed…

#LastWeekInAppSec wasn't just about #Axios. It also included:

🔨 rapid exploitation of a code injection + RCE in #Langflow (#CVE-2026-33017)

🕵️‍♂️ clever malware in #Telnyx package that used a valid .wav audio file to hide its payload.

▷ Read the details: buff.ly/pxbX0c0

#AppSec #DevSecOps

GenAI Security Project ramps up guidance for AppSec teams New resources for providing practical guidance and tools for securing generative and agentic AI have been released by OWASP's GenAI Securi...

AI risks are evolving fast and OWASP's GenAI Security Project is keeping pace—new red-teaming taxonomy, 200+ mapped solutions, and updated guidance for AppSec teams. jpmellojr.blogspot.com/2026/04/gena.... #AppSec #GenAI #OWASP #AISecurity

Integrating Anchore Security Scanning into Your Azure DevOps Pipeline | Anchore With a few lines of yaml, add security to your Azure DevOps pipeline to keep non-compliant containers from reaching production environments.

New Update: Integrating @Anchore with Azure DevOps. ⚡️
Whether you're using distributed analysis to keep data local or centralized analysis for full malware scanning, this updated guide walks you through the YAML and conf... https://anchore.com/blog/anchore-azure-devops/
#CICD #Azure #Docker #AppSec

Articles about Axios npm package vulnerability (2.4.2026) Axios npm Compromised: UNC1069 Deploys Cross-Platform RAT https://labs.cloudsecurityalliance.org/wp-content/uploads/2026/04/CSA_research_note_axios-npm-supply-chain-unc1069_20260401-csa-styled.pdf Mitigating the Axios npm supply chain compromise https://www.microsoft.com/en-us/security/blog/2026/04/01/mitigating-the-axios-npm-supply-chain-compromise/ Widespread Impact of the Axios Supply Chain Attack https://unit42.paloaltonetworks.com/axios-supply-chain-attack/ What We Learned: Axios NPM Supply Chain Compromise Emergency Briefing https://www.sans.org/blog/what-we-learned-axios-npm-supply-chain-compromise-emergency-briefing Advisory on Axios Supply Chain Attack via Compromised npm Account https://www.csa.gov.sg/alerts-and-advisories/advisories/ad-2026-002/ Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 https://www.softwareimprovementgroup.com/blog/axios-npm-supply-chain-attack-explained/ Axios npm Package Compromised With Remote Access Trojan https://laravel-news.com/axios-npm-package-compromised-with-remote-access-trojan

Articles about Axios npm package vulnerability (2.4.2026) #appsec

🚨 Keynote Speaker Alert! 🚨

We’re excited to welcome @hannahfoxwell@hachyderm.io, Co-founder of BIMP, to Global AppSec Vienna!
Her talk dives into AI-driven developer velocity, what works, what doesn’t, and how to stay secure at speed. Don’t miss it!

owasp.glueup.com/eve...

#AI #DevOps #AppSec