Independent intelligence for application security and software supply chain.
Daily reporting on supply chain attacks, security vendor moves, and standards changes that matter to engineers and compliance teams.
Featured coverage
Breach & incident coverage
Coverage of real breaches with response timelines and disclosure links. Recent reporting includes attacks on the npm ecosystem, popular CLI tools, IDE extensions, and major SaaS infrastructure.
Standards & frameworks
NIST guidance, OWASP frameworks, CISA advisories, EU regulatory updates, and the standards work that affects how production teams build and ship.
Vendor directory
Application security and software supply chain vendors organized by capability: SAST, DAST, SCA, SBOM management, secrets scanning, ASPM, CI/CD security, and API testing.
Glossary & reference
Definitions in plain English covering application security, software supply chain, vulnerability management, AI security, identity, threat modeling, and DevSecOps.
Latest Articles
Browse all 741 articles
Term of the Day
Browse all 247 terms
Remote Code Execution
Remote Code Execution (RCE) is a class of security vulnerability that lets an attacker run commands or code of their choosing on someone else's computer or network over the network, without physical access to the device. It typically arises when an application or system flaw lets untrusted input reach something that executes it, for example a shell, an interpreter, a deserializer, or memory the program later runs. RCE is treated as one of the most severe vulnerability categories because a successful exploit gives the attacker control of the targeted system at the privilege level of the vulnerable process, from which they can read data, pivot, or persist.
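The definition above describes the mechanism in the abstract; the following added example (not part of the original glossary entry, and not tied to any real product) shows the smallest common form of it. A "calculator" endpoint hands the caller's string straight to Python's eval(), so whatever the remote user sends is executed by the server process. The hardened version parses the same string into an AST and evaluates only numeric literals and arithmetic, rejecting everything else. The attacker payload and the function names are constructed for this illustration.

```python
import ast
import operator

# Constructed attacker input: a harmless proof that arbitrary Python ran.
# A real attacker would substitute a reverse shell or a file read.
ATTACKER_INPUT = "__import__('os').getpid() > 0 and 'PWNED'"


def calc_vulnerable(expr: str):
    """Vulnerable: eval() executes whatever the remote caller sends.

    Anything the server process can do, the caller can now do.
    """
    return eval(expr)  # noqa: S307 - deliberately unsafe for the example


# Only these arithmetic operators are permitted in the hardened path.
_ALLOWED_BINOPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
}


def calc_hardened(expr: str):
    """Hardened: parse to an AST and walk it with an allow-list.

    Names, calls, attribute access, imports and boolean logic never reach
    an interpreter; any node outside the allow-list raises ValueError.
    """
    tree = ast.parse(expr, mode="eval")

    def ev(node):
        if isinstance(node, ast.Expression):
            return ev(node.body)
        # bool is a subclass of int, so exclude it explicitly.
        if (isinstance(node, ast.Constant)
                and isinstance(node.value, (int, float))
                and not isinstance(node.value, bool)):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _ALLOWED_BINOPS:
            return _ALLOWED_BINOPS[type(node.op)](ev(node.left), ev(node.right))
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
            return -ev(node.operand)
        raise ValueError(f"rejected node: {type(node).__name__}")

    return ev(tree)


def hardened_rejects(expr: str) -> bool:
    """True if the hardened evaluator refuses the input instead of running it."""
    try:
        calc_hardened(expr)
    except (ValueError, SyntaxError, ZeroDivisionError):
        return True
    return False


if __name__ == "__main__":
    print("vulnerable, benign input :", calc_vulnerable("2 + 3 * 4"))
    print("vulnerable, attacker input:", calc_vulnerable(ATTACKER_INPUT))
    print("hardened, benign input   :", calc_hardened("2 + 3 * 4"))
    print("hardened rejects attacker:", hardened_rejects(ATTACKER_INPUT))
```

The check that matters is the second line of output: the attacker's string came back as 'PWNED' because the server ran it, which is exactly what the glossary entry calls "sending and executing instructions remotely". The same string is refused by the AST walker at the BoolOp node before any of it executes.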
Vendor Directory Spotlight
Browse all 151 vendors
Syhunt
Uncover Vulnerabilities Before They Strike
Syhunt offers an advanced API, web, and mobile application security scanner that employs Augmented Dynamic Analysis (DAST and OAST) to identify vulnerabilities and weaknesses in applications. With patented assessment technology developed in-house, Syhunt's tools support a wide range of organizations globally, focusing on application security. As a leader in this field, Syhunt's offerings aim to enhance the security posture of applications through thorough scanning and assessment processes.

Akto.io
Secure Your AI, Safeguard Your Future
Akto provides a dedicated AI security solution focused on securing MCP (Model Context Protocol) servers and AI agents. The platform offers real-time discovery, security testing, red teaming, and agentic posture management. Recognized by Gartner™ for its approach, Akto lets teams discover, test, and protect all their APIs, and positions its AI security features as a response to the risks introduced by agent and tool integrations.

Data Theorem, Inc.
Secure your applications, protect your users
Data Theorem is a leading provider in modern application security, specializing in Static Application Security Testing (SAST), Software Composition Analysis (SCA), and API security. Gartner ranks them #1 in Cloud Native Apps in the 2025 Critical Capabilities for Application Security Testing. They offer continuous discovery and inventory of mobile, web, APIs, and cloud assets, as well as automated hacking that includes SAST, DAST, IAST, and SCA. Their solutions help organizations discover, test, and protect all APIs, enhancing the security of applications for over 2.8 billion users, including seven of the largest banks.
Featured Resources
Browse all 7 resources
OWASP API Security Top 10 - Free Practical Guide
Download the free 17-page guide to the OWASP API Security Top 10. Learn each API risk, how attackers exploit it, and the controls that stop them.