CloudDefense.AI Blog
- Anshu Bansal
- Security
The OWASP Top 10 is one of the primary standards that enables organizations to set a baseline for their application security. It provides organizations with a foundational guide, outlines the vital and severe application security risks. However, as attackers are getting sophisticated with their attacks and
- Anshu Bansal
- Security
For the last several years, traditional SAST has been one of the primary pillars of the modern software development environment. It employs a white-box approach to thoroughly scan the application’s source code and identify any vulnerabilities. However, with evolving cyberthreats, fast-paced development, and increasing complexity in
- Abhishek Arora
- Security
Over the years, the software development approach has undergone significant evolution. Modern organizations are always in pursuit of achieving quicker and more secure software delivery, making the “shift-left” approach a primary pillar. However, with increasing demand for precision in shift-left security and rapid cloud-native CI/CD workflow,
- Abhishek Arora
- Security
Over the years, the software development approach has undergone significant evolution. Modern organizations are always in pursuit of achieving quicker and more secure software delivery, making the “shift-left” approach a primary pillar. However, with increasing demand for precision in shift-left security and rapid cloud-native CI/CD workflow,
- Anshu Bansal
- Security
The cloud-native application protection platform, or CNAPP, has revolutionized how developers and AppSec teams secure modern cloud-native applications. It has brought a major shift to the security aspect of cloud native applications. With containers and Kubernetes becoming a default for development and a high-speed dev cycle
- Anshu Bansal
- Press
On 15-16 September 2025 a novel self-replicating supply-chain worm, being tracked publicly as “Shai-Hulud” was discovered in routine npm packages (npm packages compromised by Shai hulud worm). The malware was first observed in compromised versions of @ctrl/tinycolor and quickly expanded to dozens, then hundreds, of packages
- Abhishek Arora
- Security
In 2025, developers are always finding ways to speed up their development process. With the rapid adoption of AI code editors, organizations are achieving unprecedented development speed. However, it is also creating attack vectors in the development pipeline, and a vulnerability in the codebase can hamper
- Anshu Bansal
- Security
In 2025, developers are always finding ways to speed up their development process. With the rapid adoption of AI code editors, organizations are achieving unprecedented development speed. However, it is also creating attack vectors in the development pipeline, and a vulnerability in the codebase can hamper
- Anshu Bansal
- Security
Software development was once a team’s job. The advent of Continuous Integration and Continuous Delivery (CI/CD) completely transformed everything. It enables multiple dev teams to work together and boost the development through automation. For modern organizations, the CI/CD pipeline has become the backbone to cope with
- Anshu Bansal
- Press
A maintainer’s npm account was phished, and malicious versions of several widely used packages—chalk, debug, and a set of color/ANSI utilities—were published. Community reports and maintainer issues confirmed the tampering and the compromised versions were rapidly pulled. The payload acted as a crypto-drainer primarily when code
Cloud Security
Zero Trust Security vs. Perimeter Security: Key Differences
Security
Beyond OWASP Top 10: Using AI SAST to Uncover Nuanced and Zero-Day Flaws
Traditional SAST vs AI SAST (QINA Clarity): A Head-to-Head Comparison
Shifting Left, Smarter: Integrate QINA Clarity AI into Your CI/CD Pipeline
Shifting Left, Smarter: Integrate QINA Clarity AI into CI/CD Pipeline
Cloud Native Application Security: CNAPP for Dev & AppSec
CI/CD Pipeline Security: Practical Controls That Don’t Slow Dev
Building a “Shift-Left” Pipeline: Automated Security Testing with QINA Pulse
Press
Shai-Hulud: a self-propagating npm worm hits @ctrl/tinycolor and dozens more packages
Security Alert: Popular npm packages briefly compromised (chalk, debug, color family)
Palo Alto Firewalls Hacked: The Risks of Ignoring Zero-Day Vulnerabilities in Cloud Security
Internet Archive Breach: 31 Million Accounts Compromised in Major Cyber Attack
Major Data Breach Hits Fortinet: 440GB of Customer Data Compromised
Half a Million Members Stranded as Patelco Credit Union Battles Ransomware Attack
TeamViewer Admits Corporate Breach, Security Researchers Warn of Potential Customer Risk
Testing
Application Security
Security Operations Center (SOC) Roles and Responsibilities
CI/CD Security
Continuous Integration vs. Delivery vs. Deployment: Key Difference between CI vs CD
Threats
What is Fileless Malware? Examples, Detection and Prevention
