#appsec

Latest posts tagged with #appsec on Bluesky

Posts tagged #appsec

The top of the image features the text "SCRATCH NEWS AUSTRALIA", the title "SPY VS SECURITY".
A black and white cartoon drawing shows two people facing each other engaged in a clandestine conflict. Both people are wearing wide-brimmed fedora hats and long, high-collared trench coats.
At the bottom of the image is "SECURITY TOOLS & NEWS" and yellow-highlighted text "scratchnews.io".
The image promotes Scratch News Australia, scratchnews.io

Catch up with the latest #security topics, #test your #cybersecurity & #infosec readiness

News
👉 scratchnews.io/tag/Security...

Events
👉 scratchnews.io/category/587

Tools
👉 scratchnews.io/tag/Security...

#Australia #NZ
#hacking #redteam #blueteam #appsec #cloud #ai #devops

260314 rootshell.online Created on Sat Mar 14 23:00:01 CST 2026 - A news, tutorials and conferences about security published on YouTube - Find the RSS Feed with latest playlists at ...

Keep your skills sharp with the latest cyber playlist—stream now and stay informed. ⚔️ www.youtube.com/playlist
#CyberSecurity #AppSec #ThreatIntelligence #Ransomware #OnlineSafety


Learn again more on AI Security at OWASP BASC

Dan D'Avella will talk about Autonomous Remediation using AI Security Agents.

Check out more at www.basconf.org

#owasp #basc2026 #basconf #appsec


🔬 In JavaScript, the instruction "Function(inputString)()" causes the content of "inputString" to be executed. "Function()" is a constructor that creates a new function from a string of code, similar to "eval()", but slightly more contained.

#appsec #appsecurity

Example of execution.

🧑‍🎓 Learning of the day for me thanks to @pentesterlab.com (for the presentation of the behavior and the code review lab) and Claude (for the detailed explanation):

#appsec #appsecurity


Secure your entry to the most exciting application security conference in New England! 1 amazing keynote by Bonnie Butlin, 18 talks and 4 workshops! A lot of prizes available at the conference.

Buy your ticket before it's too late! Grab it at www.basconf.org
#appsec #owasp #basconf #basc2026

Original post on securityboulevard.com

USENIX Security ’25 (Enigma Track) – Zombie Devices Are Running Amuck! Presenter: Stacey Higginbotham, Consumer Reports Our thanks to USENIX Security '25 (Enigma Track) (USENIX '25 for ...

#Network #Security #Security #Bloggers #Network #appsec […]

Salt Security The leading API security company, providing the context needed to discover APIs, stop attacks, and remediate vulnerabilities to accelerate business innovation.

The latest update for #SaltSecurity includes "An #AI Agent Didn't Hack McKinsey. Its Exposed #APIs Did." and "The Economic Argument: The Real Cost of Insecure APIs in the AI Era".

#cybersecurity #APISecurity #AppSec https://opsmtrs.com/40EBWWv

Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Hundreds of Repositories
Eyal Estrin
https://www.aikido.dev/blog/glassworm-returns-unicode-attack-github-npm-vscode

Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Hundreds of Repositories #appsec

CrackArmor: Critical AppArmor Flaws Enable Local Privilege Escalation to Root
Eyal Estrin
https://blog.qualys.com/vulnerabilities-threat-research/2026/03/12/crackarmor-critical-apparmor-flaws-enable-local-privilege-escalation-to-root

CrackArmor: Critical AppArmor Flaws Enable Local Privilege Escalation to Root #appsec

Zenity Design and implement governance policies, identify security risks, detect emerging threats and drive automatic mitigation and response.

The latest update for #Zenity includes "Why Soft Guardrails Get Us Hacked: The Case for Hard Boundaries in #AgenticAI" and "AI Agent Governance: The #CISO Checklist for the New AI Agent Reality".

#cybersecurity #lowcodesecurity #appsec https://opsmtrs.com/3GN6TxH


Google Paid $17.1M For Bugs In 2025
Read More: buff.ly/sGUNuDf

#BugBounty #GoogleVRP #VulnerabilityResearch #SecurityResearchers #ResponsibleDisclosure #CyberInnovation #AppSec #Infosec


Learn all about AI Security at OWASP BASC

Jonathan Dutson will talk about how Agentic Workflows can be compromised

Check out more at www.basconf.org

#owasp #appsec #basconf #basc2026

Static Application Security Testing (SAST): Simplicity Matters Simple, Local, FOSS: Reclaiming Python Security from the SaaS Giants

Static Application Security Testing (SAST): Simplicity Matters

So
Simple, Local, FOSS: Reclaiming Python Security from the SaaS Giants
open.substack.com/pub/nocomple...

#python #appsec

Codex Security by OpenAI: The AI Agent That Finds Bugs Before Hackers Do Codex Security is OpenAI's new AI-powered security agent that scans your codebase, validates real vulnerabilities and many more.

Legacy scanners: noisy.
Codex Security: an AI agent that models your app, confirms real vulns & suggests targeted fixes.
I dug the beta numbers, CVEs found in major OSS & what this means for app security teams.

Full review: techglimmer.io/codex-securi...
#CodexSecurity #OpenAI #AppSec #AIsecurity


Big thank you to our Platinum sponsor Prime Security!

At Prime Security, we empower Security Teams to integrate risk-aware decisions into the very fabric of product development.
Want to sponsor OWASP BASC 2026? Check out our website www.basconf.org

#owasp #basc #basc2026 #appsec

Aikido Aikido Security is an automated application security platform designed specifically for software engineering teams.

The latest update for #AikidoSecurity includes "How #SecurityTeams Fight Back Against AI-Powered Hackers" and "How does AI #Pentesting Work with #Compliance?".

#Cybersecurity #AppSec #DevSecOps https://opsmtrs.com/48vGyRP

JFrog JFrog products seamlessly integrate with practically any development environment on Earth, from legacy code to the most recent containers and micro-services.

The latest update for #JFrog includes "The Dependency Dilemma: Balancing Innovation Speed with Supply Chain Resilience" and "Webinar Recap: The Context Engine – Why Consolidation is the Natural Future of #AppSec".

#cybersecurity #devops #CICD #Artifactory https://opsmtrs.com/3tbAFrI

Zenity Design and implement governance policies, identify security risks, detect emerging threats and drive automatic mitigation and response.

The latest update for #Zenity includes "AI Agent Governance: The #CISO Checklist for the New #AI Agent Reality" and "PerplexedBrowser: Accepting a Meeting or Handing Your Local Files to an Attacker?".

#cybersecurity #lowcodesecurity #appsec https://opsmtrs.com/3GN6TxH


The latest update for #Veracode includes "#AI, #ApplicationSecurity, and the Illusion of Control" and "The 36% Surge in High-Risk Vulnerabilities: What It Means for Your Business".

#potatosecurity #softwaresecurity #AppSec #DevSecOps https://opsmtrs.com/3eO6tf7

Veracode Veracode’s powerful cloud-based platform, deep security expertise, and systematic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.

The latest update for #Veracode includes "#AI, #ApplicationSecurity, and the Illusion of Control" and "The 36% Surge in High-Risk Vulnerabilities: What It Means for Your Business".

#cybersecurity #softwaresecurity #AppSec #DevSecOps https://opsmtrs.com/3eO6tf7

Tines The world’s best companies – from startups to the Fortune 10 – trust Tines with their mission-critical security workflows.

The latest update for #Tines includes "What's new in Tines: February 2026 edition" and "Futureproofing Tines: Designing #AI infrastructure for scale".

#cybersecurity #nocodesecurity #appsec https://opsmtrs.com/3LFedhc

GitGuardian GitGuardian is the code security platform for the DevOps generation.

The latest update for #GitGuardian includes "Who Actually Owns This Service Account?" and "ConFoo 2026: Guardrails for Agentic AI, Prompts, and Supply Chains".

#cybersecurity #DevOps #infosec #appsec https://opsmtrs.com/3XY1xZb

Screenshot of a restricted intelligence briefing titled 'ALPHA SIGNAL: THE SHADOW PERIMETER'. The visible text details a critical vulnerability exposing 300 million AI chat messages due to backend misconfiguration. The strategic impact analysis is intentionally pixelated, indicating restricted access for cleared members only.

300M AI messages exposed. No breach. Just a default-public backend. 50% of apps share this negligence.

Executors react. Architects control.

PROTOCOL: THE AI INTAKE GATE is live.

whop.com/the-architec...

#ShadowAI #CyberSecurity #AppSec

The Return of PhantomRaven: Detecting Three New Waves of npm Supply Chain Attacks
Eyal Estrin
https://www.endorlabs.com/learn/return-of-phantomraven

The Return of PhantomRaven: Detecting Three New Waves of npm Supply Chain Attacks #appsec

Zero Click Unauthenticated RCE in n8n: A Contact Form That Executes Shell Commands
Eyal Estrin
https://www.pillar.security/blog/zero-click-unauthenticated-rce-in-n8n-a-contact-form-that-executes-shell-commands

Zero Click Unauthenticated RCE in n8n: A Contact Form That Executes Shell Commands #appsec

Overly permissive ‘guest’ settings put Salesforce customers at risk
Eyal Estrin
https://www.csoonline.com/article/4143667/overly-permissive-guest-settings-put-salesforce-customers-at-risk.html
https://www.salesforce.com/blog/protecting-your-data-essential-actions-to-secure-experience-cloud-guest-user-access/

Overly permissive ‘guest’ settings put Salesforce customers at risk #appsec

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework
Eyal Estrin
https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities/

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving Framework #appsec


Up your game in auditing applications at OWASP BASC

Michael Kreuger is conducting a workshop to learn how to audit your application for SDKs in it.

Check out more at www.basconf.org

#owasp #basconf #basc2026 #appsec

Audit-Ready iOS App Security for Financial Institutions Date: Thursday, March 19th Time: 1pm ET Financial institutions are building mobile-first iOS apps, but the ability to produce audit-ready security evidence has not kept pace. On iOS 17–26,…

We’re going live on March 19th to discuss the future of iOS security for the financial sector. If you’re involved in the security, compliance, or development of banking apps, this is a conversation you can’t afford to miss.

Register now ➡️ buff.ly/sZFj5lG

#AppSec
