Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The latest News and Information on Application Security including monitoring, testing, and open source.

We Asked AI Security Experts to Explain Their Work Using Emojis #AISecurity #AI #AppSec

Dec 15, 2025 By Mend In Mend
Can you explain AI Security using only emojis? We challenged AI Security professionals to do just that — no words, just symbols. Their creative combos reveal how experts really think about risks, models, and protection in today’s AI-driven world. From to to , each emoji tells a story about securing the systems behind the world’s most powerful models. Subscribe for more creative takes on AppSec, AI Security, and secure development from the Mend.io team.
View Video
aikido

React & Next.js DoS Vulnerability (CVE-2025-55184): What You Need to Fix After React2Shell

Dec 12, 2025 By Mackenzie Jackson In Aikido
If you upgraded only to address CVE-2025-55182 (React2Shell), you may still be vulnerable. CVE-2025-55184 affects adjacent RSC code paths and can allow attackers to take your app offline, even without gaining code execution. You should ensure you’re running the latest patched React and Next.js versions, including fixes for the follow-up CVE-2025-67779.
Read Post
aikido

OWASP Top 10 for Agentic Applications (2026): What Developers and Security Teams Need to Know

Dec 10, 2025 By Sooraj Shah In Aikido
Agentic AI is moving into production in CI/CD pipelines, internal copilots, customer support workflows, and infrastructure automation. These systems no longer just call a model. They plan, decide, delegate, and take actions on behalf of users and other systems. This creates new attack surfaces that do not map cleanly to traditional application security or even the OWASP Top 10 2025.
Read Post
veracode

Beyond Speed: Why Free AppSec Testing Tools Cost You More

Dec 9, 2025 By Joe Ariganello In Veracode
The expectation for fast and free solutions dominates both personal and professional environments. From streaming platforms to software tools, convenience and zero-cost access often drive decision-making. While this approach may seem efficient on the surface, it raises critical questions about the hidden costs and overlooked trade-offs.
Read Post
astra

API Security vs Application Security: What's the Difference & Best Practices 2026

Dec 5, 2025 By Suyash Jain In Astra
Over the past few years, APIs have quietly become the front door to your most critical data and workflows, flipping security ownership on its head. Accountability and ownership of both API and Application security have shifted from your central infra and network teams to product, platform, and engineering squads that ship new APIs every week, and well, sometimes every day. This is where CISOs and CTOs feel the tug strengthening from both sides.
Read Post

Hackers hijack Google Smart Home #aisecurity #mcpserver

Dec 5, 2025 By Mend In Mend
Building AI agents that can think, act, and adapt securely isn't easy. From prompt design to deployment, every stage brings new challenges and new risks. In this session, Bar-El Tayouri, Head of Mend AI at Mend.io, and Yehoshua (Shuki) Cohen, VP of Data and AI Evangelist at AI21 Labs, shared practical strategies for designing and defending agentic systems that actually deliver. Key topics covered: Originally recorded: October 29, 2024.
View Video

Learn How Veracode Stops Attackers from Exploiting Vulnerabilities from Founder Chris Wysopal.

Dec 4, 2025 By VERACODE In Veracode
Hear from Veracode's Founder and Chief Evangelist, Chris Wysopal, on how attackers compromise organizations by scanning applications for vulnerabilities in code, APIs, mobile integrations, and cloud environments. Vulnerabilities enter systems through feature updates, open-source components, and third-party code—creating constant exposure.
View Video

Veracode: Automating Application Risk Management with Veracode CEO Brian Roche

Dec 4, 2025 By VERACODE In Veracode
Hear from Veracode's CEO, Brian Roche, on how organizations worldwide face mounting security risks from AI and applications but struggle to identify where those risks reside. Veracode's Application Risk Management Platform solves this challenge by helping enterprises focus on their most critical applications—the ones that would irreparably impact business if compromised. Through automated AI-powered vulnerability detection and remediation, Veracode enables organizations to dramatically improve their compliance from 30% to 90% with just a few clicks.
View Video

Learn How Veracode Helps Developers Deliver Fast Without Compromising Security with SVP Sarah Law

Dec 4, 2025 By VERACODE In Veracode
Hear from Veracode's SVP of Business Operations, Sarah Law, on how developers face immense pressure to deliver software quickly while security and compliance teams struggle to keep pace with constant changes. The Veracode platform addresses this challenge by discovering and organizing all technology assets across systems, then assessing the risk associated with each one. What sets Veracode apart is its built-in governance and unified, configurable policy framework that adapts to each customer's unique security posture and regulatory requirements.
View Video
veracode

Mastering ASPM: Unifying Your Application Security Strategy

Dec 2, 2025 By Natalie Tischler In Veracode
Application security is becoming increasingly fragmented. Development and security teams use a wide array of tools for testing, protection, and supply chain security. While each tool serves a purpose, they often operate in silos. This fragmentation creates a disconnected view of an organization’s security posture, making it difficult to prioritize and remediate risk effectively.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.