News

OX Security
ox.security > blog > ai-risk-management-framework

AI Risk Management Frameworks Explained: Governance, Accountability, and Runtime Reality

1+ day, 7+ hour ago  (1444+ words) AI risk management has become a pressing issue for enterprise security teams in 2026 because it is embedded directly into how software is built and shipped. Organizations routinely use AI to generate code, modify build logic, recommend dependencies, and automate operational…...

ox.security > blog > ai-is-rewriting-the-rules-of-software-security-heres-what-the-experts-say

AI is Rewriting the Rules of Software Security. Here's What the Experts Say.

6+ day, 23+ hour ago  (1383+ words) "What does securing software in an AI-accelerated world actually mean?" Trying to make sense of this question, and offering expert prescriptive advice around it, was the theme of Vibe Sec Con Returns, an OX Security-hosted virtual event featuring CISOs, industry…...

ox.security > blog > the-top-security-risks-of-ai-generated-code-preventing-vulnerabilities-at-creation-for-appsec-leaders

The Top Security Risks of AI-Generated Code: Preventing Vulnerabilities at Creation for AppSec Leaders

1+ week, 6+ day ago  (830+ words) This article will guide systems builders, DevOps Engineers, and CISOs to better understand the scope of the security risks associated with AI code generation systems and ways to defend against them. A coding tool's built-in security can never have…...

ox.security > blog > easy-day-js-supply-chain-attack-hits-mastra-ai-in-npm

easy-day-js Supply Chain Attack Hits Mastra AI in npm

2+ week, 1+ day ago  (201+ words) The attack was coordinated by the threat actor stealing the "ehindero" account, and another account, "sergey2016", uploading the malicious npm package, and weaponizing it. The use of install script is soon to be deprecated in npm, which might surge an increase…...

ox.security > blog > ox-security-wins-best-devsecops-platform-in-the-hacker-news-inaugural-2026-cybersecurity-stars-awards

OX Security Wins Best DevSecOps Platform in The Hacker News' Inaugural 2026 Cybersecurity Stars Awards

2+ week, 6+ day ago  (253+ words) OX Security has been named the Best DevSecOps Platform in the inaugural 2026 Cybersecurity Stars Awards, presented by The Hacker News and evaluated by an independent panel of judges. According to the judges, "OX has built a platform that…...

ox.security > blog > 600000-monthly-downloads-affected-miasma-supply-chain-attack-is-back-on-npm

600,000 Monthly Downloads Affected: Miasma Supply Chain Attack Is Back on npm

3+ week, 6+ day ago  (284+ words) Edit: Another wave of infected packages with a weaponized binding.gyp has hit npm, we are tracking this as more infections are to follow. Thanks to Kirk from Derp.ca for helping us out on this. The following string "Miasma…...

ox.security > blog > six-stages-deep-and-an-endless-loop-shai-hulud-is-getting-sophisticated

Six Stages Deep and an Endless Loop: Shai-Hulud Is Getting Sophisticated

1+ mon, 2+ hour ago  (463+ words) On our last blog we tried to present visually how complex it is, showing the 3rd stage dropper works, where we made this flow chart. But in reality this only covers a very small portion of the actual logic, which looks…...

ox.security > blog > megalodon-cicd-malware-github

Megalodon: New CI/CD Malware Spreads Across GitHub, Infecting ~5,000+ Repositories

1+ mon, 1+ week ago  (477+ words) The malware spreads by injecting fake automated commits into GitHub repositories. Once a repository owner merges the commit, the malware executes inside their CI/CD pipeline and propagates further. Big thanks to SafeDep for uncovering this malicious campaign....

ox.security > blog > sbom-security

SBOM Security in 2026: Why Inventory Alone No Longer Reduces Risk

1+ mon, 1+ week ago  (1573+ words) Software supply chains got complicated fast. Your applications now rely on hundreds of open-source packages, third-party components, containers, and build pipelines that change every day. Software Bills of Materials (SBOMs) promised visibility into that complexity: a clear inventory of what's…...

ox.security > blog > the-antv-ecosystem-was-compromised-with-shai-hulud-malware-300-packages-affected

The @antv Ecosystem Was Compromised with Shai-Hulud Malware, 300+ Packages Affected

1+ mon, 2+ week ago  (600+ words) There's not much to say about the Shai-Hulud malware and its variants that we didn't already say before (Team PCP Copycats Are Here, Team PCP Leak Shai-Hulud Source, Tan Stan Shai-Hulud Compromise, SAP Compromise, Bitwarden CLI Compromise). We suspect that…...