Blog

Practical steps security teams and developers can take to reduce risks from software supply chain attacks targeting the npm registry.

A virus-like npm malware attack has spread to 180+ packages so far, including CrowdStrike and Tinycolor.

AppSec company’s rapid growth reflects rising demand for security built for the speed and scale of engineering teams shaping the future of software with AI

Popular npm packages including chalk and debug were compromised in a major supply chain attack. Learn what happened, root cause, impact, and how to mitigate.

Nx supply chain attack: malicious npm versions of Nx exfiltrated SSH keys and tokens to GitHub—abusing AI code assistants. Learn how to detect and fix.

Endor Labs improves C/C++ SCA by combining cryptographic hashing, code embeddings, and a curated index for accurate dependency and vulnerability detection.

Kudelski Security uncovered an RCE flaw in CodeRabbit exposing 1M+ repos. Here’s what happened, how it was fixed, and key lessons for secure AI apps.

Unvetted AI models and services are entering your codebase. Do you have a plan to find and govern them?

Greg Pettengill, a Principal Product Security Engineer at Five9, is an early adopter of startup technology. In this article he shares his methodology for picking vendors that can deliver on promises.

Endor Labs now detects end-of-life (EOL) software in containers, helping AppSec teams eliminate risk early.

Learn about the most common and emerging security risks of AI-generated code, from injection flaws to hallucinated dependencies.

Developers are generating more code with AI coding assistants, but release velocity isn’t increasing. Here’s how to fix it.

Learn how to detect prompt injection vulnerabilities in GenAI applications and prevent attackers from exploiting LLM-powered workflows.

LLMs often recommend outdated or vulnerable open source packages—here’s why it happens, why it matters, and how AppSec and DevOps leaders can stay ahead.

How CWE-specific prompts cut LLM code vulnerabilities by more than half.

Secure AI-generated code at the source with a new integration for GitHub Copilot powered by the Endor Labs platform.

A CISO’s guide to analyzing and containing the security costs of AI-generated code

Endor Labs is now available on the Google Cloud Marketplace, enabling faster procurement and deployment of software supply chain security for GCP customers and partners.

Learn how to detect misconfigurations in Infrastructure as Code (IaC) files, preventing privilege escalation and unsafe defaults before they reach production.

Secure AI-generated code at the source with a new Cursor integration powered by the Endor Labs platform.

How a multi-step prompt technique can reduce vulnerabilities in AI-generated code

A step-by-step guide to testing Endor Labs SCA accuracy for C/C++ projects

CVE-2025-54313 tracks a supply chain attack on eslint-config-prettier, where four malicious versions of a popular npm library targeted Windows machines with a remote-code execution payload. Learn how it happened and how to stay safe.

The new FedRAMP RFC shifts the standard to require deep context into the reachability and exploitability of vulnerabilities. Here’s what you need to know.

A practical guide to embedding security requirements into AI coding workflows