Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The latest News and Information on Application Security including monitoring, testing, and open source.

aikido

Popular nx packages compromised on npm

Aug 27, 2025 By Charlie Eriksen In Aikido
Last night, our automated Aikido Intel system alerted us that potentially malicious code was detected in some packages within the @nx scope, which include packages with as many as ~6 million weekly downloads. The scope and impact of this breach are significant, as the attacker chose to publish the stolen data directly on GitHub, rather than sending it to their own servers. This means that there’s a SIGNIFICANT amount of credentials that are publicly available on GitHub.
Read Post
appknox

ASPM Explained: The New Standard for Enterprise-Grade App Protection

Aug 26, 2025 By Raghunandan J In Appknox
Application Security Posture Management (ASPM) is a unified intelligence layer that transforms scattered security data into actionable business insights. Why should you care about this new security approach when you already have a working structure in place? To understand this, let’s first look at the security approach that enterprises usually follow and why it is dated.
Read Post

Stop Password Sharing & Identify Security Breaches!

Aug 26, 2025 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video

AI Cybersecurity & Fact Check

Aug 25, 2025 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video

Cybersecurity secrets for companies #appsec #cybersecuritytips

Aug 22, 2025 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video

Inside Bug Bounty Programs: How Hackers Help Secure Your Software | Secrets of AppSec Champions

Aug 21, 2025 By Mend In Mend
Bug bounty programs are more than just rewards for hackers—they’re a gateway to stronger security, global collaboration, and even career transformation. In this episode, Netta Oren, cybersecurity manager and seasoned bug bounty advocate, shares how organizations can build successful bounty programs, responsibly manage disclosures, and create a win-win culture for both companies and ethical hackers.
View Video

Veracode AI Code Secure: Real-Time Supply Chain Security for AI Development

Aug 20, 2025 By VERACODE In Veracode
Veracode AI Code Secure for Software Supply Chain is a real-time AI code purifier delivering curated insights on vulnerabilities, malware, and licensing to OEMs. By integrating directly into AI coding workflows, AI Code Secure closes critical security gaps left by outdated or incomplete LLM training data.
View Video

AI Agents Vulnerabilities and Prompt #cybersecurity #aisecurity

Aug 20, 2025 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video
What Is a DAST Scan-and Why It's Essential for Web App Security

What Is a DAST Scan-and Why It's Essential for Web App Security

Aug 20, 2025 By SecuritySenses In SecuritySenses
Modern web applications are exposed to real-world threats the moment they go live. Even the most careful development practices can't fully guarantee safety once your app is in the wild. Static analysis tools (SAST) help by catching issues in the codebase before release, but they don't provide the full picture of what attackers will see in production. That's where DAST scanning-Dynamic Application Security Testing-comes in. Instead of scanning code, a DAST tool interacts with your running application, probing it for weaknesses in much the same way a real attacker would.
Read Post

Shift Left AI Security #coding #cybersecurity

Aug 19, 2025 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.