InfoQ - Application Security - News https://www.infoq.com InfoQ Application Security News feed GitHub Expands Secret Scanning with General Availability of MCP Server Integration https://www.infoq.com/news/2026/05/github-mcp-secret-scanning/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Application+Security-news <img src="https://res.infoq.com/news/2026/05/github-mcp-secret-scanning/en/headerimage/generatedHeaderImage-1778422946373.jpg"/><p>GitHub has announced the general availability of secret scanning support through its MCP Server, extending automated credential detection and remediation capabilities into AI-assisted and agent-driven development workflows.</p> <i>By Craig Risi</i> github Model Context Protocol (MCP) Application Security DevOps news Tue, 12 May 2026 12:00:00 GMT https://www.infoq.com/news/2026/05/github-mcp-secret-scanning/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Application+Security-news Craig Risi 2026-05-12T12:00:00Z /news/2026/05/github-mcp-secret-scanning/en Attacker Bought 30 WordPress Plugins on Flippa and Backdoored All of Them https://www.infoq.com/news/2026/05/wordpress-plugins-supply-chain/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Application+Security-news <img src="https://res.infoq.com/news/2026/05/wordpress-plugins-supply-chain/en/headerimage/generatedHeaderImage-1777874069748.jpg"/><p>An attacker purchased 30+ WordPress plugins on Flippa for six figures, planted a PHP deserialization backdoor in the first commit, and waited eight months before activating it across 400,000 installations. The attack used Ethereum smart contracts to resolve C2. WordPress.org has no mechanism for reviewing plugin ownership transfers, a gap that npm and PyPI addressed years ago.</p> <i>By Steef-Jan Wiggers</i> Software Supply Chain Application Security Dependency Management Security Vulnerabilities Development Architecture & Design news Wed, 06 May 2026 10:00:00 GMT https://www.infoq.com/news/2026/05/wordpress-plugins-supply-chain/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Application+Security-news Steef-Jan Wiggers 2026-05-06T10:00:00Z /news/2026/05/wordpress-plugins-supply-chain/en GitHub Enhances CodeQL with Declarative Security Modeling for Faster, More Flexible Analysis https://www.infoq.com/news/2026/05/github-codeql-security-modeling/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Application+Security-news <img src="https://res.infoq.com/news/2026/05/github-codeql-security-modeling/en/headerimage/generatedHeaderImage-1777889993931.jpg"/><p>GitHub has introduced a significant update to its CodeQL engine, enabling developers to define custom sanitizers and validators directly through "models-as-data," a move that simplifies how teams extend security analysis across their codebases.</p> <i>By Craig Risi</i> CodeQL github Application Security DevOps news Tue, 05 May 2026 12:00:00 GMT https://www.infoq.com/news/2026/05/github-codeql-security-modeling/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Application+Security-news Craig Risi 2026-05-05T12:00:00Z /news/2026/05/github-codeql-security-modeling/en