#AppSec:
LightNews LightNews
approov.bsky.social
Did our 2025 mobile cybersecurity predictions come true? A look back at 7 key trends. From AI-powered attacks & defences to new app distribution models and beyond — it’s clear the threat landscape is accelerating.

approov.io/blog/approov...

#MobileSecurity #AppSec #Cybersecurity #AI
7 Mobile Cybersecurity Trends Approov Forecast for 2025 — And the Results Are In
Approov reviews its 2025 mobile cybersecurity predictions. See which trends—AI threats, API security, open-source risks, breach rules—actually happened.
approov.io
December 16, 2025 at 11:57 AM
owasp.org
🔥 Trainer Spotlight: @MarisaFagan & @JulianeReimann! 🔥
Join their 1-Day Security Champions Program 🔐 Turn engineers into security heroes with hands-on exercises & strategies that make a real impact.
Register 👉 londonowasptrainingd...

#appsec #securitychampions #owasp #training
December 16, 2025 at 10:39 AM
compass-security.com
In a new video, Nicolò @rationalpsyche.bsky.social walks through how to fuzz with AFL++, how to pick targets, avoid common pitfalls, and boost effectiveness. Find performance tips, fuzzing theory, and AFL++ internals.

Watch here: youtu.be/L5Tin7m5sbE?...

#security #fuzzing #AFLplusplus #appsec
Fuzzing and AFL++
YouTube video by Compass Security
youtu.be
December 16, 2025 at 8:39 AM
opsmatters.com
The latest update for #AikidoSecurity includes "#AI #Pentesting in Action: A TL;DV Recap of Our Live Demo" and "#SAST in the IDE is now free: Moving SAST to where development actually happens".

#Cybersecurity #AppSec #DevSecOps https://opsmtrs.com/48vGyRP
Aikido
Aikido Security is an automated application security platform designed specifically for software engineering teams.
opsmtrs.com
December 16, 2025 at 2:25 AM
shehackspurple.bsky.social
The Elephant in AppSec: Why AppSec Is breaking: Vibe Coding, DevSecOps backlogs & the new OWASP Top 10

Video: https://twp.ai/ImsC7S
Audio: https://twp.ai/E6CwvO
December 15, 2025 at 9:43 PM
llms.activitypub.awakari.com.ap.brid.gy
NDSS 2025 -I Know What You Asked: Prompt Leakage Via KV-Cache Sharing In Multi-Tenant LLM Serving Session 6A: LLM Privacy and Usable Privacy Authors, Creators & Presenters: Guanlong Wu (Souther...

#Network #Security #Security #Bloggers #Network #appsec […]

[Original post on securityboulevard.com]
Original post on securityboulevard.com
securityboulevard.com
December 16, 2025 at 2:29 AM
llms.activitypub.awakari.com.ap.brid.gy
NDSS 2025 – Evaluating Users’ Comprehension and Perceptions of the iOS App Privacy Report Session 6A: LLM Privacy and Usable Privacy Authors, Creators & Presenters: Xiaoyuan Wu (Carnegie Me...

#Network #Security #Security #Bloggers #Network #appsec […]

[Original post on securityboulevard.com]
Original post on securityboulevard.com
securityboulevard.com
December 15, 2025 at 6:19 PM
doyensec.bsky.social
Happy Holidays everyone!☃️ We’re taking a break next week for our annual shutdown to celebrate another successful year and give our team time to recharge. 🙌
#doyensec #appsec #security
December 15, 2025 at 3:56 PM
educativ.bsky.social
GRC-Appsec-Manager Job educativ.net/jobs/job/50149...
December 15, 2025 at 3:39 PM
cybermaterial.bsky.social
New React RSC Bugs Enable DoS Attacks
Click Here: buff.ly/mtPC7iA

#Cybersecurity #Infosec #React #WebSecurity #DoS #SourceCodeExposure #AppSec #DevSecOps #Vulnerability #SecureCoding #OpenSourceSecurity
December 15, 2025 at 3:24 PM
owasp.org
🎤 Ready to shine on the OWASP stage? Join our free event, “So You Want to Be an OWASP Speaker,” inspired by Who Wants to Be a Millionaire?
Learn to craft standout CfPs, deliver great talks, and boost your confidence, no lifelines needed!
Join us: owasp.glueup.com/eve...

#appsec #cybersecurity
December 15, 2025 at 3:19 PM
zaproxy.org
ZAP 2.17.0 is now available!
It includes performance improvements, a significant reduction in “duplicate” alerts reported, and new Insights which give you key information about scans.
www.zaproxy.org/blog/2025-12...
#zaproxy #appsec
ZAP 2.17.0
ZAP 2.17.0 has just been released. The release includes core performance improvements and will significantly reduce the number of “duplicate” alerts reported.
www.zaproxy.org
December 15, 2025 at 3:16 PM
eyalestrin.bsky.social
Oyster Backdoor Resurfaces: Analyzing the Latest SEO Poisoning Attacks #appsec
Oyster Backdoor Resurfaces: Analyzing the Latest SEO Poisoning Attacks
Eyal Estrin unread, 12:19 AM (1 hour ago)    to https://www.cyberproof.com/blog/oyster-backdoor-resurfaces-analyzing-the-latest-seo-poisoning-attacks/ Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE, CCSK Blog: https://security-24-7.com | Books: https://amzn.to/42Xai9A | https://amzn.to/3Sggbtv Twitter: @eyalestrin | Bluesky: @eyalestrin.bsky.social
groups.google.com
December 15, 2025 at 5:50 AM
rootshell.online
Fresh cyber content every day. Watch the newest playlist and learn how hackers think—and how to defend. 🚀 https://www.youtube.com/playlist?list=PLXqx05yil_mfeA8JgltcdKiQns8D1J57y
#Hacking #CyberDefense #AppSec #Ransomware #DarkWeb
251214 rootshell.online
Created on Sun Dec 14 23:00:00 CST 2025 - A news, tutorials and conferences about security published on YouTube - Find the RSS Feed with latest playlists at ...
www.youtube.com
December 15, 2025 at 5:04 AM
hoodiepony.com
ICYMI
This is an excellent read, postmortem and lessons from PostHog which was a victim of a software supply chain attack.
posthog.com/blog/nov-24-...

#appsec #prodsec
Post-mortem of Shai-Hulud attack on November 24th, 2025 - PostHog
At 4:11 AM UTC on November 24th, a number of our SDKs and other packages were compromised, with a malicious self-replicating worm - Shai-Hulud 2.…
posthog.com
December 15, 2025 at 3:11 AM
Spent some time digging through the big AI security reports from 2025.
Some expected themes, some wild surprises, including a zero-click prompt injection against Microsoft 365.

www.ado.im/posts/ai-sec...

If you’re working in AI or AppSec, curious what trends you’re seeing.
#ai-security
AI Security in 2025: What I Learned This Weekend, and What I'll Be Watching for in 2026 | Aaron Ott
A weekend deep dive into three major AI security reports from 2025, what actually broke in the real world, and where security teams should focus their attention in 2026.
www.ado.im
December 14, 2025 at 11:53 PM
eyalestrin.bsky.social
The Fragile Lock: Novel Bypasses For SAML Authentication #appsec
The Fragile Lock: Novel Bypasses For SAML Authentication
    The Fragile Lock: Novel Bypasses For SAML Authentication 0 views Eyal Estrin unread, 11:09 AM (11 minutes ago)    to http://i.blackhat.com/BH-EU-25/eu-25-Fedotkin-TheFragileLock.pdf http://i.blackhat.com/BH-EU-25/eu-25-Fedotkin-TheFragileLock-WP.pdf Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE, CCSK Blog: https://security-24-7.com | Books: https://amzn.to/42Xai9A | https://amzn.to/3Sggbtv Twitter: @eyalestrin | Bluesky: @eyalestrin.bsky.social Reply all Reply to author Forward
groups.google.com
December 14, 2025 at 7:21 PM
eyalestrin.bsky.social
GitHub Action tj-actions/changed-files supply chain attack: everything you need to know #appsec
GitHub Action tj-actions/changed-files supply chain attack: everything you need to know
Eyal Estrin unread, 8:50 AM (1 hour ago)    to https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066 Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE, CCSK Blog: https://security-24-7.com | Books: https://amzn.to/42Xai9A | https://amzn.to/3Sggbtv Twitter: @eyalestrin | Bluesky: @eyalestrin.bsky.social Reply all Reply to author Forward
groups.google.com
December 14, 2025 at 4:46 PM
2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy
NDSS 2025 – Secret Spilling Drive: Leaking User Behavior Through SSD Contention Session 5D: Side Channels 1 Authors, Creators & Presenters: Jonas Juffinger (Graz University of Technology), Fa...

#Network #Security #Security #Bloggers #Network #appsec […]

[Original post on securityboulevard.com]
Original post on securityboulevard.com
securityboulevard.com
December 14, 2025 at 10:29 PM
eyalestrin.bsky.social
Vibe Coding: Innovation Demands Vigilance #appsec
Vibe Coding: Innovation Demands Vigilance
Eyal Estrin unread, 12:44 AM (1 hour ago)    to https://www.darkreading.com/application-security/vibe-coding-innovation-demands-vigilance Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE, CCSK Blog: https://security-24-7.com | Books: https://amzn.to/42Xai9A | https://amzn.to/3Sggbtv Twitter: @eyalestrin | Bluesky: @eyalestrin.bsky.social
groups.google.com
December 14, 2025 at 9:16 AM
righettod.eu
💡 Very interesting article about output escaping in an API context:

#appsec #appsecurity #api

treblle.com/blog/api-esc...
It’s an API, do I really need to escape anything? - Treblle
Escaping output is often overlooked in APIs, but it’s crucial for preventing security vulnerabilities like XSS attacks. Even when returning JSON, unsafe characters can lead to risks if not properly es...
treblle.com
December 14, 2025 at 7:51 AM
rootshell.online
Keep your skills sharp with the latest cyber playlist—stream now and stay informed. ⚔️ https://www.youtube.com/playlist?list=PLXqx05yil_meCFMYTsjZaUoKZlzECfI45
#CyberSecurity #AppSec #ThreatIntelligence #Ransomware #OnlineSafety
251213 rootshell.online
Created on Sat Dec 13 23:00:00 CST 2025 - A news, tutorials and conferences about security published on YouTube - Find the RSS Feed with latest playlists at ...
www.youtube.com
December 14, 2025 at 5:04 AM
shehackspurple.bsky.social
I will be speaking at OWASP Leiria Meetup December 18th, come join us online for free! Corey .J Ball will also be there, and I will be discussing "Minimal Viable AppSec", how to build a program on a budget. Let's go! #owasp #appsec

https://twp.ai/9PXxkf
December 14, 2025 at 3:07 AM
2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy
NDSS 2025 – A Systematic Evaluation Of Novel And Existing Cache Side Channels Session 5D: Side Channels 1 Authors, Creators & Presenters: Fabian Rauscher (Graz University of Technology), Cari...

#Network #Security #Security #Bloggers #Network #appsec […]

[Original post on securityboulevard.com]
Original post on securityboulevard.com
securityboulevard.com
December 13, 2025 at 6:27 PM
japi.bsky.social
"We evaluate ten #cybersecurity professionals alongside six existing #AI agents and ARTEMIS, our new agent scaffold, on a large university network consisting of ∼8,000 hosts across 12 subnets."

arxiv.org/abs/2512.09882 #appsec
Comparing AI Agents to Cybersecurity Professionals in Real-World Penetration Testing
We present the first comprehensive evaluation of AI agents against human cybersecurity professionals in a live enterprise environment. We evaluate ten cybersecurity professionals alongside six…
arxiv.org
December 13, 2025 at 11:49 AM