https://www.infoq.com InfoQ Application Security feed https://www.infoq.com/news/2026/05/tanstack-supply-chain-attack/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Application+Security <img src="https://res.infoq.com/news/2026/05/tanstack-supply-chain-attack/en/headerimage/generatedHeaderImage-1778915238952.jpg"/><p>TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages and published 84 malicious package versions in just six minutes, exposing developers and CI/CD systems to credential theft and malware propagation.</p> <i>By Craig Risi</i> Application Security NPM Software Supply Chain DevOps news Tue, 19 May 2026 12:00:00 GMT https://www.infoq.com/news/2026/05/tanstack-supply-chain-attack/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Application+Security Craig Risi 2026-05-19T12:00:00Z /news/2026/05/tanstack-supply-chain-attack/en https://www.infoq.com/articles/ebpf-for-security-observability/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Application+Security <img src="https://res.infoq.com/articles/ebpf-for-security-observability/en/headerimage/ebpf-for-security-observability-header-1778674557176.jpg"/><p>eBPF is emerging as a preferred method for security observability over traditional user-space agents. By attaching probes directly to the Linux kernel's syscall interface, it provides consistent visibility even during container-level compromises. eBPF reduces security-related CPU consumption and limits data volume by performing filtering at the kernel level, enhancing operational efficiency.</p> <i>By Niranjan Sharma</i> Application Security eBPF Observability DevOps article Tue, 19 May 2026 09:00:00 GMT https://www.infoq.com/articles/ebpf-for-security-observability/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Application+Security Niranjan Sharma 2026-05-19T09:00:00Z /articles/ebpf-for-security-observability/en https://www.infoq.com/news/2026/05/cloud-fraud-defense-recaptcha/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Application+Security <img src="https://res.infoq.com/news/2026/05/cloud-fraud-defense-recaptcha/en/headerimage/generatedHeaderImage-1777383901225.jpg"/><p>At the recent Next ‘26 conference, Google introduced Google Cloud Fraud Defense, the successor to reCAPTCHA. The platform goes beyond basic bot detection to address broader online fraud across login, account creation, and payment flows, helping organizations detect suspicious behavior and block abuse, including fake accounts, automated attacks, and transaction fraud.</p> <i>By Renato Losio</i> Fraud Detection Google Cloud Application Security Cloud Security AI, ML & Data Engineering Development news Sat, 16 May 2026 08:39:00 GMT https://www.infoq.com/news/2026/05/cloud-fraud-defense-recaptcha/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Application+Security Renato Losio 2026-05-16T08:39:00Z /news/2026/05/cloud-fraud-defense-recaptcha/en https://www.infoq.com/news/2026/05/github-mcp-secret-scanning/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Application+Security <img src="https://res.infoq.com/news/2026/05/github-mcp-secret-scanning/en/headerimage/generatedHeaderImage-1778422946373.jpg"/><p>GitHub has announced the general availability of secret scanning support through its MCP Server, extending automated credential detection and remediation capabilities into AI-assisted and agent-driven development workflows.</p> <i>By Craig Risi</i> github Application Security Model Context Protocol (MCP) DevOps news Tue, 12 May 2026 12:00:00 GMT https://www.infoq.com/news/2026/05/github-mcp-secret-scanning/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Application+Security Craig Risi 2026-05-12T12:00:00Z /news/2026/05/github-mcp-secret-scanning/en