AppSec Briefing
A briefing on application security developments — supply chain attacks, AI code risks, DevSecOps tooling, and how engineering teams are securing their software pipelines.
Recent Issues
TeamPCP Goes Ransomware, GitHub MCP Zero-Click RCE, Axios CVSS 9.9
TeamPCP Pivots to Ransomware; 474 Repos Confirmed Executing Malicious Code The Axios backdoor has been formally named WAVESHAPER.V2(https://thehackernews.com/2026/04/openai-revokes-macos-app-
Dependabot Auto-Merge Hijacked, AI Frameworks Under Fire, 28-Day TTX
Renovate & Dependabot: Automation Turned Malware Distribution Layer A GitGuardian analysis of the Axios and LiteLLM incidents
Axios Hit OpenAI's Signing Pipeline, Copilot Leaked Secrets via Images
Axios Reaches OpenAI's Signing Pipeline: Certificate Rotation, Stardust Chollima Attribution OpenAI disclosed(https:/
GlassWorm Hits Your IDE, BlueHammer Leaked, Adobe Zero-Day Fixed
GlassWorm's Zig-Based Cross-IDE Dropper Targets Developer Toolchains Aikido researchers document GlassWorm's latest variant(https://securityaffairs.com/190638/malware/glassworm-evolves-with-z
1,700 Malicious Packages, Snowflake Breach, and the SHA-Pinning Lie
Contagious Interview Expands to Five Ecosystems: 1,700 Packages Since January 2025 Socket researcher Kirill Boychenko documents Contagious Interview spreading into Go, Rust, and PHP(https://t
TeamPCP Hits Cisco & EU Commission; Claude Code CVEs; ShareFile Pre-Auth RCE
TeamPCP's Expanding Blast Radius: Cisco Sourc
Axios Hijacked by NK Hackers, Next.js RCE Live, 66+ Packages Poisoned
Axios Hijacked via North Korean Actor, Next.js RCE Hits 766 Hosts, TeamPCP Cascades Across 66+ npm Packages — April 3, 2026 Supply Chain: Axios and LiteLLM Both Compromised in Days ax