Dive into Apiiro's breakthrough LLM-based free-text code search engine that identifies malicious code patterns without depending on large datasets.
Explore these five hard-to-find application and supply chain risks with ease using Apiiro’s Risk Graph Explorer.
Apiiro’s ASPM platform now automatically detects GenAI frameworks, so organizations have full visibility into privacy, data, and legal risk introduced by these frameworks.
Apiiro’s security research team has developed a revolutionary approach for accurately connecting code segments—such as open-source packages or commits—by similarity.
A critical security flaw, CVE-2023-4863, has been identified in libwebp. Identify and prioritize instances of the new WebP 0-day that are most risky to your business with Apiiro—without runtime agents.
Our approach to identifying malicious open-source packages combines LLMs with proprietary pattern detection and self-enhancement to improve accuracy at scale.
Introducing XBOM, our up-leveled approach to SBOM that provides unified visibility across all application and supply chain components, their connections, risks, and more.
In response to overwhelming malicious activity, PyPI temporarily suspended the creation of all new users and projects.
The Apiiro AI engine discovered a malicious Python package that is currently available on the Python PyPI package management portal.
Find out how you can identify and fix material changes with Apiiro so your developers can focus on bringing more value to customers!
The latest incident involves Dropbox and relates to exposed secrets from 130 private repositories belonging to the company.
The latest release of OpenSSL contains a patch for recent vulnerabilities and was announced just a week ago, on October 25th.
A few days ago OpenSSL, the widely-used cryptography/TLS project, released a very rare announcement that notified the public of an upcoming release of the project code that will fix a critical 0-day vulnerability. The release (OpenSSL version 3.0.7) is out today and is intended as a security fix for a critical vulnerability in […]
A recent leak of almost 300,000 of Toyota's customer emails and control numbers showcases the risks of exposed secrets in code.
To effectively monitor security of APIs, you need to take the necessary steps and know what to look for in API code.
Find out how to detect cloud-native application architecture drift and deal with it early in the SDLC.
Cloud has transformed the way development teams design, develop, build and deploy applications. Developers are moving fast and the number of changes and releases is increasing exponentially, as are the risks. In the era of cloud-native application development, the remediation lifecycle is getting longer and more complex because risks are distributed across design, code, open […]
What is Spring-Core remote code execution (RCE) vulnerability (“Spring4Shell”)? Here is what you should know.
Learn how to shift left security and proactively fix API code risks early in the software development lifecycle.
Apiiro's Security Research team has discovered a major vulnerability in the Argo CD platform (CVE-2022-24348).
AppSec starts at the user story. Since the speed of development has grown rapidly over the past few years, “security during design” is critical.
A rogue developer intentionally corrupted npm libraries, showing the need for developer activity analysis in supply chain security.
Static application security testing has been vital to AppSec programs for decades, but SAST lacks the context to keep up with DevOps.
Software supply chain attacks have changed AppSec. SolarWinds, Codecov, and more show a need for defense from design to code to cloud.
On Wednesday, Oct. 7 2021, an anonymous 4chan user claimed to have posted 125 GB of data from 6,000 internal Git repositories. Twitch confirmed the massive data leak, including source code and creator earnings, and stated that the breach was due to a “server configuration change”. While there will be many negative repercussions of this […]
Developers are getting more responsibility and, as a result, attackers can use developer identities to gain system access.
Understanding and remediating the risk of secrets in code cannot be done in isolation. Learn how to do both.
This blog demonstrates some of Apiiro’s anomaly detection capabilities that are used by our clients to protect and secure their repositories.
A multi-dimensional approach to code risk analysis can optimize processes by focusing SDLC tools on the “changes that matter most.”
Apiiro has developed a patent-pending technology to detect and prevent SolarWinds-style attacks before shipping binaries to production.
Consider how to identify risky material code changes and prevent them from being deployed in the first place.