Application Security

Application Security | News, how-tos, features, reviews, and videos

Latest from today

Feature
Image

AI coding is fueling a secrets-sprawl crisis few CISOs are containing

CISOs should treat secrets sprawl as a governance challenge. This means enforcing clear ownership, adopting short-lived credentials, and extending security controls across the entire software development lifecycle.

By Andrada Fiscutean
8 mins
Application SecurityArtificial IntelligenceSecurity
News Analysis
Image

What happens when China’s AI catches up to Mythos?

By Cynthia Brumfield
6 mins
Application SecurityCyberattacksGovernment
News
Image

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

By John E. Dunn
4 mins
Application SecurityCyberattacksDevSecOps
News Analysis

Supply-chain attacks take aim at your AI coding agents

By Lucian Constantin
7 mins
Application SecurityCyberattacksDevSecOps
News

Oracle will patch more often to counter AI cybersecurity threat

By Peter Sayer
2 mins
Application SecuritySecurity
Feature

Enterprise Spotlight: Transforming software development with AI

By CSO Staff
1 min
Application SecurityArtificial IntelligenceDevSecOps
Opinion

Securing RAG pipelines in enterprise SaaS

By Mayank Singhi
9 mins
Application SecurityArtificial IntelligenceEnterprise Architecture
Feature

AI is reshaping DevSecOps to bring security closer to the code

By Bob Violino
10 mins
Application SecurityDevSecOpsSecurity
News

White House moves to give federal agencies access to Anthropic’s Claude Mythos

By Gyana Swain
4 mins
Application SecuritySecurityVulnerabilities

Articles

news analysis

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configs open servers to possible remote code execution, as evidenced by several commercial services and open-source projects.

By Lucian Constantin
Apr 16, 2026 7 mins
Application SecurityArtificial IntelligenceSecurity
news analysis

Old Docker authorization bypass pops up despite previous patch

A 10-year-old issue involving Docker Engine and the AuthZ authorization plug-in lives again to enable attackers to gain root-level access to host systems.

By Lucian Constantin
Apr 10, 2026 4 mins
Application SecuritySecurityVulnerabilities
news analysis

What Anthropic Glasswing reveals about the future of vulnerability discovery

A closed consortium including tech giants and top security vendors gets early access to a model Anthropic says can autonomously discover software vulnerabilities at scale. The implications for cybersecurity’s future could be significant.

By Cynthia Brumfield
Apr 7, 2026 5 mins
Application SecurityDevSecOpsTechnology Industry
opinion

Supply chain security is now a board-level issue: Here's what CSOs need to know

Security isn't just your problem anymore — it's the board's. With 97% of apps using open-source, CSOs need to ditch the false positives and get serious about SBOMs.

By Scott Register
Apr 7, 2026 9 mins
Application SecurityMarketsTransportation and Logistics Industry
brandpostSponsored by Veracode

Veracode Static Analysis: The Right Scan, At The Right Time, In The Right Place

Veracode Static Analysis: Meeting the Modern AppSec Challenge

By Veracode
May 14, 2020 1 min
Application SecuritySecurity
opinion

Security awareness is not a control: Rethinking human risk in enterprise security

Training people to spot phishing is great for culture, but it's a poor safety net; real security means building systems that don't break when someone has a bad day.

By Oludolamu Onimole
Apr 1, 2026 10 mins
Application SecurityPhishingSocial Engineering
news analysis

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem.

By Lucian Constantin
Mar 31, 2026 7 mins
CyberattacksDevSecOpsNode.js
feature

APIs are the new perimeter: Here’s how CISOs are securing them

Today’s attack surface is shifting from the endpoint to the API, and AI and third-party SaaS are worsening the issue. CISOs offer advice for API defense.

By Bill Doerrfeld
Mar 30, 2026 14 mins
APIsApplication SecurityIdentity and Access Management
feature

Runtime: The new frontier of AI agent security

Security leaders say monitoring agent behavior inside enterprise systems may be the next major challenge for CISOs.

By Cynthia Brumfield
Mar 17, 2026 10 mins
Application SecurityArtificial IntelligenceDevSecOps
feature

14 old software bugs that took way too long to squash

As these examples show, vulnerabilities can lurk within production code for years or decades—and attacks can come at any time.

By Josh Fruhlinger and John Leyden
Mar 5, 2026 17 mins
Application SecurityVulnerabilities
opinion

Why application security must start at the load balancer

Most breaches don’t outsmart your stack; they walk through a permissive load balancer you tuned for speed instead of trust.

By Vishnu Gatla
Feb 27, 2026 8 mins
Application SecuritySecurity
feature

The new paradigm for raising up secure software engineers

The new challenge for CISOs in the age of AI developers is securing code. But what does developer security awareness even mean in the era of vibe coding?

By Ericka Chickowski
Feb 18, 2026 10 mins
Application SecurityDevSecOpsSecurity
feature

Software developers: Prime cyber targets and a rising risk vector for CISOs

From technical compromise to AI-driven attacks, cyber criminals increasingly see software developers as prime targets, creating systemic risks CISOs must address.

By John Leyden
Feb 9, 2026 9 mins
Application SecurityDevSecOpsSecurity
View all

Resources

whitepaper

eBook: Solve AI Data Delivery Bottlenecks

Solve AI data delivery bottlenecks to unlock better outcomes

The post eBook: Solve AI Data Delivery Bottlenecks appeared first on Whitepaper Repository –.

By F5 Inc.
02 Apr 2026
Application SecurityArtificial IntelligenceCloud
Image
whitepaper

eBook: Solve AI Data Delivery Bottlenecks

By F5 Inc.
02 Apr 2026
Application SecurityArtificial IntelligenceCloud
Image
View all

Podcasts

Image
podcastsSponsored by Veracode

A Hard Look at Software Security

In Season 2 of our podcast series, we’ll discuss the implications and mandates generated by Veracode’s most recent State of Software Security report. Our industry experts will pick up from Season 1’s highlights to take a closer look at application security today. Listeners will learn more about: The impact security debt is having across industries The changing attitudes and priorities put around application security How the average number of days to fix software flaws has almost tripled since the last report The case for scanning early and often

12 episodes
Application Security

Video on demand

video

Inside Visa’s Cyber Defense: CISO Subra Kumaraswamy on blending AI and Human Defense

In this episode of Cyber Sessions, Visa CISO Subra Kumaraswamy takes us inside the company’s 24/7 Cyber Fusion Centers, where AI-driven defenses block 90 million attacks and 11 million phishing emails each month. He shares how his team achieves “zero breach, zero disruption” across 200+ countries—and what lessons other security leaders can learn from Visa’s global approach to resilience.

By Joan Goodchild
Dec 15, 2025 26 mins
Application SecurityCSO and CISO
See all videos

Explore a topic

Show me more

news

Critical vulnerability in Cisco Secure Workload rated at maximum severity

By Howard Solomon
4 mins
Network SecuritySecurityVulnerabilities
Image
news

Microsoft patches two zero-day flaws in Defender

By Lucian Constantin
3 mins
Endpoint ProtectionWindows SecurityZero-Day Vulnerabilities
Image
news

Unpatched ChromaDB flaw leaves servers open to remote code execution

By Lucian Constantin
5 mins
SecurityVulnerabilities
Image
podcast

Security Blind Spots: What the Louvre Heist Reveals About Your Organization

By Joan Goodchild
34 mins
Cybercrime
Image
podcast

CSO Executive Sessions ASEAN: From Compliance to Cyber Resilience-Securing Patient Trust in Southeast Asia’s Hospitals

By Estelle Quek
23 mins
CyberattacksCybercrimeRansomware
Image
podcast

How Intelligence and AI Are Changing Cyber Defense | Erin Whitmore, Former CIA

By Joan Goodchild
28 mins
CyberattacksCybercrime
Image
video

Security Blind Spots: What the Louvre Heist Reveals About Your Organization

By Joan Goodchild
34 mins
Cybercrime
Image
video

The Human Side of Cybersecurity: Stress, Deepfakes & the Hidden Cost of Breaches

By Joan Goodchild
25 mins
Data and Information Security
Image
video

CSO Executive Sessions ASEAN: From Compliance to Cyber Resilience-Securing Patient Trust in Southeast Asia’s Hospitals

By Estelle Quek
23 mins
CSO and CISOElectronic Health RecordsRansomware
Image