Application Security

Fake npm utilities remotely delete entire app directories

Laura FrenchJune 6, 2025

The malicious packages create backdoor endpoints and act as wipers when activated.

Today's Top AppSec Headlines

Application Security: Explained and Explored

Application security
From trojans to quantum leaps: An inside look at this week’s cyber mayhem
Application security
Breaking barriers: Solving AppSec challenges in financial services
AI/ML
RSAC 2025 executive interview: Sonatype’s Brian Fox
Application security
CyberSG TIG Collaboration Centre RSAC 2025 interview: Teik Guan Tan of pQCee
Cloud Security
RASC 2025 executive interview: Oligo Security’s Gal Elbaz
Application security
RSAC 2025 executive interview: Apiiro’s Idan Plotnik
Application security
Why comprehensive scan coverage is critical for DevSecOps lifecycle success and regulatory compliance
DevSecOps
Security without speed bumps: Using WAF simulator to transform DevSecOps workflows
IoT
AI, automation, and the future of IoT security: Meeting compliance without sacrificing speed
Identity
Auth0 Platform now helps secure GenAI applications

Application Security News

Google Chrome application icon on Apple iPhone X screen close-up. Google Chrome app icon. Google Chrome application.

Application security

Chrome extensions transmit sensitive data over HTTP, leak API keys

Security pros warn that the leaked data could be used to launch profiling, phishing, or other targeted attacks.

(Credit: prima91 – stock.adobe.com)

Threat Intelligence

0-click exploitation of iMessage nickname feature revealed

The now-resolved issue was potentially used to target high-profile individuals, researchers say.

(Credit: Ungureanu – stock.adobe.com)

Android trojan ‘Crocodilus’ hijacks accessibility settings for control

The malware has evolved with new features and spread globally in the past three months.

In a dark, textured digital space a red padlock glows atop a small black cube, symbolizing security, protection, and privacy in the world of data and technology..

Encryption and decryption: The foundation of data protection

Ensuring information remains confidential and secure is a core cybersecurity technique.

Azure developed by Microsoft

CISA warns of attacks on Commvault’s Microsoft Azure environment

CISA believes the attacks on Commvault Azure environments may be part of a larger campaign to target SaaS vendors.

futuristic cloud computing concept. glowing cloud symbol with medical cross on a digital circuit board background. ideal for technology, healthcare, and data security projects.

Serviceaide data breach exposed info of 483K Catholic Health patients

Incident underscores impact of third-party breaches on health organizations, security experts say.

Application security

Google Calendar used as middleman for stealthy NPM malware

The malicious package also uses Unicode steganography to evade detection.

ai agents concept with businessman is using artificial intelligence agentic technology on laptop computer to help him make decision marking on business and planning schedule to customer appointment

AI that empowers: Redefining security operations excellence with AI + human expertise

Download eSentire's 10 questions to ask vendors about AI when choosing an MDR provider.

Application security

Google settles nearly $1.4B Texas case for collecting personal data

Settlement is the largest individual penalty to date against Google in the state of Texas.

RSAC 2025: Top 5 mobile app risks revealed by half a million assessments

Organizations can’t assume apps from the Apple and Google Play stores have been tested for security.

Fast Five

Selected by the SC Media Editorial team every Tuesday.

Sign up now for the top five issues cybersecurity pros need to know this week.

AppSec Events