
Nadav Noy

Showing all posts by Nadav Noy


Legit Discovers "AI Jacking" Vulnerability in Popular Hugging Face AI Platform

Uncovering 'AIJacking': How Attackers Exploit Hugging Face for AI Supply Chain Attacks - A Deep Dive into Vulnerabilities and Risks.


The Risks of Being Blind to AI in Your Own Organization

Uncover the security concerns in the era of AI and LLMs, delving into code opacity and application embedding risks.


Securing AI-Generated Code

Explore Legit Security's revolutionary AI application security, risks, and solutions in our blog.


Emerging Risks with Embedded LLM in Applications

Learn how the use of Large Language Models (LLMs) like OpenAI's GPT and Google's Bard can create security risks in your applications.


Securing Your CI/CD Pipeline: Exploring the Dangers of Self-Hosted Runners

CI/CD automates software development, while self-hosted runners enable general customization. SaaS platforms provide limited control.


Sophisticated 3CX Software Supply Chain Attack Affects Millions of Users

3CX, an international VoIP IPBX software, experienced a software supply chain attack. We detail what occurred and how it can be prevented.


Remote Code Execution Vulnerability in Azure Pipelines Can Lead To Software Supply Chain Attack

Our team has found a vulnerability in Azure Pipelines (CVE-2023-21553) that allows an attacker to execute malicious code in a pipeline.


How to Continuously Detect Vulnerable Jenkins Plugins to Avoid a Software Supply Chain Attack

See how attackers used compromised Jenkins plugins to attack the software supply chain and how to continuously detect vulnerable Jenkins plugins at scale.


Toyota Customer Data Leaked Due To Software Supply Chain Attack

On Oct 7th, Toyota announced a possible data leakage incident. The compromised data contained 296,019 customers' private information, including customers' personal email addresses.


Software Supply Chain Attack Leads to Trojanized Comm100 Installer

On the 29th of September, it was revealed that the installer for the widely used Comm100 Live Chat application included malicious trojan malware. The installer was compromised using a supply chain attack on the Comm100 development pipeline.


5 Things You Need to Know About Application Security in DevOps

AppSec isn’t always top of mind - but it should be. And here’s why. Learn about the 5 things you need to know about application security in DevOps.
