AppSec stories

Manifest unveils SBOM generator for unmanaged C and C++ code, tackling critical supply chain blind spots in embedded and safety systems.

Tenable appoints veteran cybersecurity sales leader Dino DiMarino as chief revenue officer to drive global growth in exposure and AI risk.

Microsoft's March Patch Tuesday fixes 77 flaws, including a severe SQL Server bug that could grant attackers sysadmin rights remotely.

HackerOne warns AI rollouts are outpacing security, with 89% of organisations lacking full testing and incidents driving up costs.

ActiveState appoints seasoned open source leader Abby Kearns as chief executive, sharpening its focus on managed open source security.

Endor Labs unveils AURI, a security intelligence platform embedding reachability-led checks into AI coding assistants and CI/CD pipelines.

Terra Security becomes first AWS partner validated for Autonomous Security Validation, as AI-driven continuous threat testing gains pace.

New research from Cobalt finds 98% of surveyed pentesters prefer PTaaS to bug bounties and show almost no faith in AI-only security scanning.

JFrog warns 13 GitHub CI/CD workflow flaws, mostly critical, could let attackers hijack pipelines and steal secrets at scale.

Claude Code flaws found by Check Point could let malicious repos run code and grab API keys before developers confirm a project is trusted.

Endor Labs has launched AURI, an AI-aware security platform that embeds continuous code checks directly into agent-driven development workflows.

LevelBlue debuts Exposure Management for Partners with Tenable, giving MSSPs and MSPs tiered, unified exposure and risk visibility tools.

LevelBlue and Tenable have teamed up to launch a tiered exposure management service giving MSPs continuous, risk-based visibility.

Manifest research reveals executives overestimate AI security readiness, as AppSec teams warn of unmanaged tools, blind spots and rising risk.

As AI tools spread through software teams, rising security flaws and shadow AI use are forcing leaders to tighten guardrails fast.

Chainguard expands its rebuilt-from-source Libraries to Python, Java and JavaScript, targeting malware risks in AI-driven software supply chains.

A rapid surge in OpenClaw AI assistant use has left tens of thousands of exposed systems and a trail of hijacked tools and malicious add-ons.

GitLab expands its MSP partner programme to deliver agentic AI-powered DevSecOps as a managed service with strict data sovereignty controls.

Datadog warns 87% of organisations run software with exploitable flaws as ageing code, fast releases and automation amplify DevSecOps risk.

Security debt hits 82% of organisations as legacy flaws linger over a year, with third-party code driving most critical vulnerabilities.