Private Repository Secures the AI-driven Development Boom
Friday, March 27, 2026 by Austin Harris
ActiveState has launched ActiveState Curated Catalog. This new offering provides organizations with a private, secure repository of open source components from the ActiveState Library, giving developers and AI code generators access to vetted packages from a trusted internal source instead of pulling them directly from the open internet.
Directly pulling open source ...
DoubleVerify detects hidden iOS ad fraud
Wednesday, December 3, 2025 by Trey Abbe
DoubleVerify’s Fraud Lab has discovered a new fraud scheme lurking on customers’ mobile devices. It uses innocent-seeming iOS gaming apps to charge advertisers for phony ad impressions.
Operated by independent cybercriminals using a shared framework called UniSkyWalking, the scheme, which our Fraud Lab has dubbed SkyWalk, is sophisticated, coordinated and...
Airline data breach hits WestJet exposing over 1M passengers
Thursday, October 30, 2025 by Russ Scritchfield
Canada’s second-largest airline, WestJet, disclosed that a data breach earlier this year compromised the personal information of approximately 1.2 million passengers. The airline reported the incident in a filing with Maine’s attorney general, confirming that 240 residents in the state were affected.
Details of the information compromised
The informati...
Introducing capn web a new javascript rpc protocol
Wednesday, October 15, 2025 by Russ Scritchfield
A new Remote Procedure Call (RPC) protocol and implementation named Cap'n Web has been introduced, written entirely in TypeScript. Designed as a spiritual sibling to Cap'n Proto, this new system is engineered specifically for the modern web stack. Cap'n Web distinguishes itself by having no schemas and minimal boilerplate, which simplifies setup and integrat...
Push for FTC to Investigate Microsoft
Monday, September 22, 2025 by Austin Harris
U.S. Senator Ron Wyden has formally asked the Federal Trade Commission to examine Microsoft for what he describes as significant cybersecurity shortcomings. The request cites repeated security incidents and raises questions about the company’s role in safeguarding critical infrastructure.
Senator highlights cybersecurity risks
In a letter addressed to FT...
Salesforce data breach linked to Tenable via Salesloft Drift
Friday, September 12, 2025 by Richard Harris
A recent Salesforce data breach involving the Salesloft Drift integration has affected multiple organizations, including cybersecurity company Tenable. The company confirmed that limited customer contact and support case data were exposed but emphasized that no core product data was compromised.
Scope of exposed information
Tenable reported that information access...
Hackers steal cryptocurrency using fake job offers report reveals
Tuesday, September 9, 2025 by Trey Abbe
A recent investigation reveals that North Korean hacking groups are using elaborate fake job offers to steal cryptocurrency from blockchain professionals and investors. The scams, identified in a joint report by cybersecurity firms SentinelOne and Validin, include posing as recruiters for major crypto companies and directing applicants to download malicious software or ...
Salesforce breach let hackers steal Google customer data
Monday, August 25, 2025 by Richard Harris
In June, one of Google’s corporate Salesforce instances was affected by activity consistent with the UNC6040 campaign described in the post. Google responded by conducting an impact analysis and implementing mitigation steps. The affected instance stored contact information and related notes for small and medium-sized businesses. Investigators confirmed that data ...
ChatGPT agents bridging research and action
Tuesday, August 12, 2025 by Austin Harris
You can now ask ChatGPT to handle requests like “look at my calendar and brief me on upcoming client meetings based on recent news,” “plan and buy ingredients to make Japanese breakfast for four,” and “analyze three competitors and create a slide deck.” ChatGPT will intelligently navigate websites, filter results, prompt you to log in...
Your AI chat isn't safe
Monday, August 4, 2025 by Austin Harris
ChatGPT users are facing unexpected privacy risks as shared conversations with the AI tool have started appearing in Google search results. The issue stems from ChatGPT’s “shared link” feature, which allows users to generate public URLs for individual conversations. While the feature was originally intended for collaboration, those shared URLs are now ...
iOS fitness app Fitify exposes 138K user private photos
Friday, July 25, 2025 by Austin Harris
Fitify’s publicly accessible Google cloud storage bucket has exposed hundreds of thousands of files. Some of the files were user-uploaded progress pictures that individuals upload to track their body changes over time. After Cybernews contacted the company, the unprotected instance was closed.
iOS fitness app Fitify exposes 138K user private photos: Key takeawa...
McDonalds AI Hiring Bot Breach
Thursday, July 17, 2025 by Russ Scritchfield
Security researchers uncovered a critical vulnerability in McDonald’s AI-powered hiring system, McHire, revealing how a simple password flaw could have exposed applicant data. Importantly, no candidate information was leaked or made publicly available, and only five records were briefly accessed by researchers, who responsibly reported the issue.
In a supers...
2025 Artifact Management Report
Thursday, July 10, 2025 by Richard Harris
The 2025 Artifact Management Report arrives at a moment of profound change for software development teams worldwide. As organizations grapple with unprecedented security challenges, rapid AI adoption, and complex software supply chains, this year’s findings expose the critical gaps and evolving expectations surrounding artifact management. With software now the ba...
The Great App Purge Googles Quality Overhaul
Wednesday, June 4, 2025 by Richard Harris
In early 2025, the tech world was rocked by a revelation that caught even seasoned app developers off guard: Google’s Play Store had lost nearly half of its apps in the span of just over a year. What seemed at first to be a quiet pruning of low-value software turned out to be a full-blown purge: 47% of apps had vanished. A platform that once boasted the largest ca...
Apple charged for illegal app store fees
Tuesday, May 13, 2025 by Austin Harris
The European Commission has recently found that Apple is violating the Digital Markets Act (DMA). The DMA requires Apple to allow developers to direct customers outside of apps to make purchases and find other app distribution channels without incurring any charges. Apple has been breaking the law by imposing illegal fees, displaying scare screens, and placing restricti...
DataKrypto launches new AI models
Friday, May 9, 2025 by Richard Harris
DataKrypto launched a new solution that protects AI models and the data of businesses using them. Based on the company’s patented FHE technology, the solution, FHEnom for AI, addresses a critical security gap and delivers unprecedented AI protection.
FHEnom for AI is a zero-knowledge framework that safeguards both customized open-source AI models (adapted for s...
AI coding security discussion with JFrog
Wednesday, February 19, 2025 by Richard Harris
Eyal Dyment, Vice President of Security Products at JFrog, shares his insights in this Q&A on the crucial considerations for developers and businesses when selecting an AI platform. With AI’s transformative role in coding and software development, Eyal addresses key security risks, the growing reliance on AI-powered technologies, and the steps developers can t...
Cybersecurity in 2025
Tuesday, February 4, 2025 by Richard Harris
Timothy Hollebeek shares his insights on the key cybersecurity trends shaping 2025, focusing on the evolving landscape of digital trust and identity. As quantum computing and AI continue to advance, they bring both groundbreaking innovations and new cybersecurity risks. The introduction of Google’s Willow chip signals a new era of quantum technology, accelerating ...
Faster cyberthreat detection updates from Progress
Tuesday, October 29, 2024 by Austin Harris
Progress announced the latest release of Progress Flowmon, the network observability platform with AI-powered detection for cyberthreats, anomalies and fast access to actionable insights for greater network and application performance across hybrid cloud ecosystems. With today’s release, the Flowmon platform enhances IP search efficiency up to tenfold with in...
Increasing cyber threats from artificial intelligence
Wednesday, October 9, 2024 by Austin Harris
The UK Cybersecurity M&A market has grown significantly over the past decade, with the deal volume trend line increasing, and the sector continuing to attract significant investment from Private Equity, alongside larger corporates consolidating emerging technologies to counter increasingly sophisticated threats.
The UK National Cyber Security Centre has...
AI regulations in software development
Tuesday, August 27, 2024 by Richard Harris
AI is rapidly changing the software development field, making clear regulations essential to prevent risks like data breaches and ensure ethical practices. These regulations are also key to reshaping developer roles while preserving the need for human expertise.
AI regulations in software development
The implementation of formal AI policies within companies is cri...
AWS introduces Mithra advanced threat intelligence neural network
Thursday, August 15, 2024 by Austin Harris
In a recent blog post from AWS, Amazon Chief Information Security Officer CJ Moses detailed the robust threat intelligence capabilities that safeguard AWS customers. Through tools like Mithra and MadPot, AWS collects and analyzes vast data, identifying and neutralizing threats with unparalleled accuracy and speed. AWS's proactive approach to sharing high-fidelity th...
Social engineering takeover attacks are on the rise
Thursday, April 18, 2024 by Brittany Hainzinger
OpenSSF and the OpenJS Foundation (home to JavaScript projects used by billions of websites worldwide) are alerting open-source project maintainers of social engineering takeover attacks, following new attack attempts they’ve witnessed similar to the XZ Utils incident.
The OpenJS Cross Project Council received suspicious emails, imploring OpenJS to update one o...
Epic Games defeats Google in court
Thursday, April 18, 2024 by Richard Harris
In a twist that sounds straight out of a high-stakes courtroom drama, Epic Games has thrown down the gauntlet with a bombshell injunction proposal aimed at shaking up Google Play's entire rulebook. This comes hot on the heels of their David-versus-Goliath victory over Google in December, where a U.S. jury cast the tech behemoth as the big bad monopoly wolf of Androi...
ONCD asks software manufacturers to adopt memory safe languages
Tuesday, March 5, 2024 by Richard Harris
The White House Office of the National Cyber Director (ONCD) has released a new report asking software manufacturers to adopt memory-safe programming languages to help reduce vulnerabilities from entering the supply chain.
"For thirty-five years, memory safety vulnerabilities have plagued the digital ecosystem, but it doesn’t have to be this way. This repo...
Cybersecurity performance optimization updates from Logpoint
Friday, February 2, 2024 by Austin Harris
Logpoint is releasing new capabilities to its Converged SIEM platform, enhancing threat detection and security operations and streamlining case management. Organizations can focus on essential security matters with the new capabilities by reducing workload, simplifying automation, and freeing up resources.
The new release delivers increased system stability and ...
AI cybersecurity impacts according to NetLib Security
Monday, December 18, 2023 by Richard Harris
This is an easy call to make: NetLib Security predicts that Artificial Intelligence - Generative AI - will continue to heavily impact the world of cybersecurity, upping the game for defensive players, while giving cybercriminals more tools on the offensive side.
2023 was a year in which AI seemed suddenly to be everywhere. Although AI is not a new field, ChatGPT and ...
API security risks report exposes Netflix and Wordpress
Monday, November 27, 2023 by Richard Harris
Wallarm, the end-to-end API and app security company, announced the release of its Q3-2023 Wallarm API ThreatStats report. The quarterly report details the surge in threats centered around APIs and uncovers critical vulnerabilities, like injections and API data leaks, that have recently impacted leading firms, including Netflix, VMware, and SAP.
The new report i...
Is Temu safe, legit, or dangerous: Perspective from an app developer
Wednesday, July 12, 2023 by Richard Harris
Temu is a shopping website and app chock-full of products from overseas at ridiculously dirt-cheap prices. They have almost everything you can imagine, too. From laser pointer slingshots to espresso makers, the entire ecosystem is built around keeping you shopping with a gamified experience, and it gets addicting quickly.
Some of the ADM staff have placed orders an...
Fake app reviews impact developers more than you think
Thursday, June 29, 2023 by Austin Harris
Developers are well aware that a significant portion of online reviews for products and services, including those on popular platforms like Amazon, eBay, and TripAdvisor, are in fact fake. The issue of fake app reviews has become an increasingly pressing concern. These deceptive reviews have wide effects on both developers and consumers alike, significantly impacting th...
PCI DSS JavaScript compliance tool free from Jscrambler
Thursday, June 29, 2023 by Brittany Hainzinger
Jscrambler announced the launch and immediate availability of its free PCI DSS JavaScript Compliance Tool to ensure granular and flexible capacity to meet the stringent new requirements introduced by version 4.0 of the Payment Card Industry Data Security Standards (PCI DSS v4.0). This free assessment tool provides organizations of all sizes with clarity and si...
Oxeye discovers vulnerability in HashiCorp Vault Project
Tuesday, April 25, 2023 by Austin Harris
Oxeye announced the discovery of a new vulnerability in the HashiCorp Vault Project that has now been patched. HashiCorp Vault is a popular identity-based secret and encryption management system used to control access to API encryption keys, passwords, and certificates. The vulnerability was automatically discovered and reported by the Oxeye Platform during a deployment...
Zero trust policies for software releases could be key
Thursday, December 8, 2022 by Gopinath Rebala
Today’s integrated DevOps methodology offers businesses the promise of accelerating innovation by providing customers and employees with new application capabilities faster. However, this approach can also increase risks associated with cybercrime and the failure to comply with rapidly evolving privacy regulations. As a result, minimizing security risk during the ...
Traceable AI and ArmorCode integration
Wednesday, August 24, 2022 by Brittany Hainzinger
ArmorCode has announced an integration with Traceable AI which will bring its data into the ArmorCode platform and improve Application Security Posture from code to cloud.
To move at the speed of business, modern applications are increasingly powered by APIs to deliver functionality. The challenge is that each new API must be secured and as the number of APIs in...
Fewer apps in Google Play Store than 4 years ago
Thursday, April 28, 2022 by Brittany Hainzinger
A TradingPlatforms.com analysis shows there are fewer applications in Google's Play Store today than four years ago. The site presented data showing that the store's app numbers had fallen by a million.
Data shows fewer apps in Google Play Store than 4 years ago
Google Play Store hosted 2,591,578 applications by March this year. This figure is a 28% drop f...