AppSec stories

DigiCert warns UltraDNS DDoS attacks spiked to record levels in December 2025, driven by massive Aisuru and Kimwolf botnets.

Tenable warns ‘LookOut’ flaws in Google Looker could hand attackers server control, expose secrets and enable cross-tenant cloud access.

Moltbook left a Supabase key exposed, leaking AI chats, 30,000 emails and 1.5 million API keys in a cautionary tale of vibe coding risk.

Qodo 2.0 launches multi-agent AI code review to boost trust in autogenerated code, claiming 11% better detection of critical issues.

Developers granting AI agents broad, unsupervised access to code and systems are creating new software supply chain and data exposure risks.

DryRun launches DeepScan Agent, an AI tool that scans whole codebases in hours to rank real-world security risks and speed remediation.

Tenable warns unpatched self-hosted Google Looker systems face remote takeover, data theft and cross-tenant cloud attack risks.

RapidFort secures USD $42m Series A to scale automated software supply chain security and continuous vulnerability remediation.

Security Journey launches AI-era developer manifesto and revamped platform to embed secure coding into everyday workflows and tooling.

A security lapse at AI agent service Moltbook exposes risky default database settings, raising fresh alarms over agentic system safeguards.

DigiCert warns Q4 internet traffic stayed high as DDoS and app-layer attacks grew longer and more intense, eroding traditional peak seasons.

Cybercriminals abused Hugging Face to host rapidly mutating TrustBastion Android malware stealing credentials across Asia-Pacific.

AI security fears and rapid release cycles are pushing firms to demand faster, deeper pentesting - and many are ready to ditch existing vendors.

HackerOne launches Agentic PTaaS, blending AI agents with human experts to deliver continuous, always-on penetration testing for enterprises.

AI-driven cloud adoption is forcing firms to swap static privacy checklists for continuous, real-time defence of sensitive data flows.

Cloudbrink adds Safe AI controls to its zero trust platform, securing hybrid enterprise use of AI agents and browser-based AI services.

Radware acquires Pynt to add pre-production testing and deliver unified lifecycle API security from design through to runtime defence.

Radware launches cloud-based API Security Service unifying discovery, posture management and runtime defence to counter evolving API threats.

Attackers are already exploiting AI agents, extracting hidden prompts, bypassing safety checks and abusing tools tied to data and systems.

Cobalt debuts a two-way penetration testing integration for Microsoft Teams, promising faster remediation and real-time security collaboration.