AI-generated code is changing AppSec workflows, forcing teams to rethink SDLC security, dependency checks, code review, and risk prioritization.
Tag: AppSec
GeekGuyBlog
Xygeni GitHub Action Compromised: What You Need to Know
Discover the recent compromise of a popular GitHub Action by Xygeni and learn how it could impact your applications and security practices.
Global Security News
Xygeni GitHub Action Compromised Via Tag Poison
Attackers operated an active C2 implant for up to a week and compromised AppSec vendor Xygeni’s xygeni/xygeni-action in that time.
AI, Exploits, Global Security News, Risk Management
OpenAI says Codex Security found 11,000 high-impact bugs in a month
OpenAI’s new AppSec agent, Codex Security, has already flagged over 11,000 high-severity and critical flaws in real-world codebases during its first 30 days of research testing. The tool, designed to automatically find, validate, and fix vulnerabilities in software repositories, reportedly identified about 800 critical issues in more than a million scanned commits. According to an…
AI, Apps, Endpoint, Exploits, Global Security News, Risk Management
Everyone Knows About Broken Authorization – So Why Does It Still Work for Attackers?
Broken authorization is one of the most widely known API vulnerabilities. It features in the OWASP Top 10, AppSec conversations, and secure coding guidelines. Broken Object Level Authorization (BOLA) and Broken Function Level Authorization (BFLA) account for hundreds of API vulnerabilities every quarter. According to the 2026 API ThreatStats report, authorization issues ranked ninth in…