AppSec stories
Malicious open source packages are increasingly slipping past spelling checks, exposing developer data and build systems to supply-chain attacks.
A free account could have let attackers alter Zapier-maintained packages and hijack logged-in users' browser sessions, researchers said.
Pressure to curb AI costs and improve returns is pushing Asia Pacific organisations towards multi-model deployment strategies across the software lifecycle.
Personalised prompts will now be triggered by risky AI-assisted code, as firms seek earlier controls on developer behaviour and data exposure.
Developers using npm could have secrets exposed as 176 malicious packages were set up to hijack dependency resolution and run postinstall malware.
The registry is tightening checks after malicious uploads exposed a gap between declared skill purpose and actual behaviour.
Early access to Anthropic's Mythos in Australia is helping Rubrik scan its code for flaws before attackers can exploit them.
Developers can now manage multiple AI coding agents in one place as GitHub tests a desktop Copilot app with worktree automation and review tools.
Rising vulnerability volumes are outpacing fix times, prompting HackerOne to roll out an AI system that feeds confirmed threats into developer tools.
Security teams can now apply the same rules to AI-generated code across development and deployment, as Salt broadens its platform to curb flaws earlier.
Businesses adopting AI now face a single service aimed at filling gaps in governance, monitoring and incident response across workflows.
AI-driven vulnerability scanning is forcing firms to rethink complacency as Check Point says existing defences still help against Mythos.
Companies can now tie AI code-use risks to developer training, with Secure Code Warrior aiming to prove compliance at commit level.
The award underscores rising demand for software tools that spot structural risk as AI coding assistants flood enterprise systems with new code.
The move targets vulnerabilities in software used by large firms, as AI makes it easier to find and exploit flaws.
Security teams in Australia and New Zealand may soon triage flaws faster as TrendAI uses Claude Opus 4.8 to assess exploitability and impact.
The funding will help firms spot hidden flaws and backdoors in compiled code as AI-generated software and supplier risk raise security concerns.
Developers using open-source tools face heightened supply-chain risk after the botnet lost all four of its command channels.
The platform aims to help AI developers move beyond benchmark tests, as models struggle to tackle real-world vulnerabilities safely and reliably.
The round values the software supply chain security company at USD $1 billion as AI coding boosts the flow of third-party code into production.
