Dec 16, 2025 · 3 min read · 📝 Quick Summary: GuardDog is a command-line interface tool designed to detect malicious packages across various ecosystems including PyPI, npm, Go, GitHub Actions, and VSCode extensions. It employs both source code analysis using Semgrep rules and p...
Nov 18, 2025 · 9 min read · Overview The year 2025 marked a major turning point in how we view cybersecurity in general and application security in particular. The OWASP Top 10, the list considered the "guiding light" for every AppSec program worldwide, has just officially...
Nov 18, 2025 · 7 min read · Overview The year 2025 marked a significant turning point in how we perceive cybersecurity in general and application security in particular. The OWASP Top 10—a list considered the "guiding light" for every AppSec program worldwide—has just officiall...
Sep 18, 2025 · 14 min read · 1. Introduction: The Attack of the Code Worm Imagine building a project with a set of Lego bricks, but one of the bricks is secretly malicious. Not only is it a bad piece, but it also has the ability to copy itself and sneak into all the other Lego s...
Aug 27, 2025 · 8 min read · In a startling turn of events, the widely-used Nx build system fell victim to a sophisticated supply chain attack. On August 26, 2025, malicious versions of the Nx packages were published to the npm registry, compromising the systems of potentially t...
Apr 19, 2025 · 4 min read · Recently, companies are supercharging developer productivity with AI-powered IDEs and agents! Tools like GitHub Copilot and CursorAI are at the forefront of this exciting transformation, offering developers incredible coding assistance and automation...
Apr 17, 2025 · 3 min read · Understanding and securing your software supply chain has never been more critical in today's increasingly complex software development landscape. We're excited to announce the latest addition to The Firewall Appsec Platform: our comprehensive Softwa...
Mar 30, 2025 · 3 min read · Hey there, fellow AppSec explorers! Ever stumbled across a version like 0.1.0 or 2.5.3 and thought, “Are these numbers even real or just something the dev randomly typed in?” Same. Been there. Thought that. 😅 But the more I got into fixing SCA (Sof...
Jan 11, 2025 · 4 min read · Software supply chain attacks are becoming increasingly common, posing significant risks to entire ecosystems. Detecting, analyzing, and mitigating these threats is crucial for security researchers and engineers. This guide explores how to use Verdac...