Latest updates for Maven Security

Fresh curated links around Maven Security are collected here so marketers can spot useful updates and turn timely ideas into posts faster.

Recent items include:

  • Dependency Confusion Attacks in Maven: How They Work and Why Your settings.xml Makes You Vulnerable
  • Detecting Bugs and Vulnerabilities in Java With SonarQube
  • 38% of MCP servers have no auth -- inside the OWASP MCP Top 10

Post angles to try

Share the most useful takeaway for your audience.
Turn one article into a quick practical checklist.
Ask your audience how this shift affects their work.

Fresh articles and ideas

Recent curated links from global sources. Generate one free draft from any story, then use SocialBu to schedule and refine your content calendar.

javacodegeeks.com / 4 days ago

Dependency Confusion Attacks in Maven: How They Work and Why Your settings.xml Makes You Vulnerable

In 2021, a security researcher breached Apple, Microsoft, PayPal, and 32 other organisations without writing a single exploit. He just uploaded a package. This article explains exa...
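What the settings.xml exposure named in that title looks like in practice, as an added example that is not taken from the article or from this page. The first fragment is the common pattern that only adds an internal repository and leaves Maven Central reachable for the same coordinates; the second routes every remote request through one repository manager. The hostname repo.example-corp.internal, the repository ids and the groupId com.examplecorp are assumptions for illustration, and the namespace routing is something the repository manager must enforce, not settings.xml.

```xml
<!-- ADDED EXAMPLE, not from the linked article. Hostnames, repository ids and
     groupIds are hypothetical. Two separate settings.xml files are shown. -->

<!-- File 1, WEAK: the profile only adds the internal repository. Central is still
     declared by the super POM, so any coordinate that the internal repository does
     not serve at the requested version falls through to Central, and with a version
     range or LATEST the highest version found anywhere wins. An attacker who can
     publish com.examplecorp:payments-core to Central with a higher version, or who
     catches a build where this profile is not active (a fresh CI runner without
     this file), gets their artifact resolved. -->
<settings xmlns="http://maven.apache.org/SETTINGS/1.2.0">
  <profiles>
    <profile>
      <id>internal</id>
      <repositories>
        <repository>
          <id>internal-releases</id>
          <url>https://repo.example-corp.internal/repository/releases/</url>
        </repository>
      </repositories>
    </profile>
  </profiles>
  <activeProfiles>
    <activeProfile>internal</activeProfile>
  </activeProfiles>
</settings>

<!-- File 2, HARDENED: a single mirror whose mirrorOf is "*" captures every remote
     repository id, central included, so the build never contacts Central directly.
     The group repository behind it (Nexus or Artifactory, assumed to be configured
     with routing rules) serves com.examplecorp.* only from the hosted internal
     repository and proxies everything else. mirrorOf "central" alone would leave
     any other repository id declared in a POM going out unmirrored. -->
<settings xmlns="http://maven.apache.org/SETTINGS/1.2.0">
  <mirrors>
    <mirror>
      <id>corp-mirror</id>
      <mirrorOf>*</mirrorOf>
      <url>https://repo.example-corp.internal/repository/maven-group/</url>
    </mirror>
  </mirrors>
</settings>
```

Two checks that go with the hardened file: run `mvn help:effective-settings` on the build host to confirm the mirror is actually in effect there (the attack often succeeds on the one machine that has no settings.xml), and keep internal coordinates pinned to exact versions in `<dependencyManagement>` rather than ranges or LATEST, since a range asks every repository for metadata and takes the highest version offered. If local or file:// repositories must stay direct, `external:*` is the documented mirrorOf pattern that excludes them while still covering Central.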

dzone.com / 1 week ago

Detecting Bugs and Vulnerabilities in Java With SonarQube

The security audit report landed unexpectedly. It highlighted a critical vulnerability in our payment processing module. We had passed all unit tests. We had passed all integration...

dev.to / 3 weeks ago

38% of MCP servers have no auth -- inside the OWASP MCP Top 10

I installed 14 MCP servers last month. Then I read the CVE list. I've been running MCP servers in production since late 2025 -- connecting Claude to my accounting tools, project...

thoughtbot.com / 1 month ago

Let's enable MFA for all Ruby gems

Originally appeared on Giant Robots Smashing Into Other Giant Robots. A few weeks ago, Axios, the popular HTTP client for JavaScript, suffered a supply chain attack on NPM. An attac...

javacodegeeks.com / 4 days ago

A Complete Guide to MFA in Spring Security 7

Multi-Factor Authentication (MFA) is a security mechanism that requires users to verify their identity using multiple authentication methods before gaining access to an application...

dev.to / 2 weeks ago

Add Basic Authentication (Console-based)

If you just want to see what authentication looks like in Spring Boot, this blog is for you. Basic Authentication: Create any controller which you want to secure....

venturebeat.com / 1 week ago

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

On May 19, 633 malicious npm package versions passed Sigstore provenance verification. They were cleared by the system because the attacker had generated valid signing certificates...

venturebeat.com / 2 weeks ago

Running Claude Code or Claude in Chrome? Here's the audit matrix for every blind spot your security stack misses

Between May 6 and 7, four security research teams published findings about Anthropic’s Claude that most outlets covered as three separate stories. One involved a water utility in M...

dev.to / 1 month ago

Building MCP servers that don't get hacked: 22 security checks every developer needs

I audited 50 open-source MCP servers last month. 43% had command injection vulnerabilities. Here are the 22 checks that will save you from shipping a backdoor. MCP (Model Context...

gbhackers.com / 5 days ago

Apache CXF Flaw Exposes Systems to LDAP Injection Attacks

Apache CXF users are facing a significant security risk following the disclosure of a new vulnerability that exposes systems to LDAP injection attacks, potentially allowing unautho...

dzone.com / 1 month ago

Enterprise Java Applications: A Practical Guide to Securing Enterprise Applications with a Risk-Driven Architecture

Enterprise Java applications still serve business-critical processes but are becoming vulnerable to changing security threats and regulatory demands. Traditional compliance-based s...

sdtimes.com / 4 days ago

Survey: Spring Developers Have a Blindspot When It Comes to Container Security

SAN JOSE — A survey from BellSoft found that Spring developers don’t know their Dockerfiles affect their security posture, aren’t using hardened images and can’t name their complia...

devops.com / 2 weeks ago

How Open Source Dependency and Repo Attacks Compromise DevOps Pipelines and How to Stay Safe

Modern applications rely on open source components for up to 90% of their code, creating a vast attack surface dominated by malicious supply chain injections. High-profile inc...

dev.to / 2 days ago

The New Shape of Supply-Chain Trust

One poisoned extension, one package install, one CI workflow. Any of them can now be the first domino. That is the uncomfortable lesson from the latest Shai-Hulud activity and Git...

infoq.com / 1 month ago

Spring News Roundup: First Release Candidates of Boot, Security, Integration, Modulith, AMQP

There was a flurry of activity in the Spring ecosystem during the week of April 20th, 2026, highlighting the first release candidates of: Spring Boot, Spring Security, Spring Integ...

dzone.com / 2 weeks ago

How to Secure Secrets in CI/CD Pipelines

CI/CD pipelines are the foundation of modern software delivery. Every code change, no matter how small or large, always goes through automated build, test, and deployment workflows...

venturebeat.com / 3 weeks ago

Anthropic Skill scanners passed every check. The malicious code rode in on a test file.

Picture this scenario: An Anthropic Skill scanner runs a full analysis of a Skill pulled from ClawHub or skills.sh. Its markdown instructions are clean, and no prompt injection is...

dev.to / 1 month ago

How to secure MCP tools on AWS for AI agents with authentication, authorization, and least privilege

Model Context Protocol (or MCP) makes it easier for AI agents to access your existing backend capabilities. It allows AI agents to have access to your system's call services and to...

feeds.feedblitz.com / 4 days ago

Quantum-Resistant ML-KEM and ML-DSA in Java

Learn how to use quantum-resistant ML-KEM and ML-DSA in Java to securely establish a shared secret key. The post Quantum-Resistant ML-KEM and ML-DSA in Java first appeared on Bael...
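The key establishment that item describes, as an added example written for this page rather than code from the Baeldung post. It uses the ML-KEM and ML-DSA algorithms that JDK 24 added to the built-in providers (JEP 496 and JEP 497): the recipient signs its fresh ML-KEM public key with a long-term ML-DSA key, the sender verifies that signature before encapsulating, and both sides end up with the same 32-byte secret. The class and method names are the example's own; the transport that would carry the public key, signature and ciphertext between the two parties is left out and the two sides share one process here.

```java
// ADDED EXAMPLE (not from the linked article): ML-KEM shared-secret establishment with
// the recipient's KEM public key authenticated by an ML-DSA signature. Needs JDK 24+.
import javax.crypto.KEM;
import javax.crypto.SecretKey;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.Signature;
import java.security.spec.NamedParameterSpec;
import java.util.HexFormat;

public final class PqcKeyAgreementDemo {

    /** Recipient: a long-term ML-DSA identity key and a per-session ML-KEM key pair. */
    static final class Recipient {
        final KeyPair identity; // ML-DSA-65, long-term, its public half is assumed pinned by senders
        final KeyPair kemKeys;  // ML-KEM-768, generated fresh for this session

        Recipient() throws Exception {
            KeyPairGenerator dsa = KeyPairGenerator.getInstance("ML-DSA");
            dsa.initialize(NamedParameterSpec.ML_DSA_65);
            identity = dsa.generateKeyPair();

            KeyPairGenerator kem = KeyPairGenerator.getInstance("ML-KEM");
            kem.initialize(NamedParameterSpec.ML_KEM_768);
            kemKeys = kem.generateKeyPair();
        }

        /** Signs the encoded KEM public key so a sender can reject a substituted key. */
        byte[] signKemPublicKey() throws Exception {
            Signature s = Signature.getInstance("ML-DSA");
            s.initSign(identity.getPrivate());
            s.update(kemKeys.getPublic().getEncoded());
            return s.sign();
        }

        /** Recovers the shared secret from the ciphertext the sender produced. */
        SecretKey decapsulate(byte[] ciphertext) throws Exception {
            KEM.Decapsulator d = KEM.getInstance("ML-KEM").newDecapsulator(kemKeys.getPrivate());
            return d.decapsulate(ciphertext);
        }
    }

    /** Sender: verify the signature over the KEM public key, then encapsulate against it. */
    static KEM.Encapsulated senderEncapsulate(Recipient r, byte[] kemPublicKeySignature) throws Exception {
        Signature v = Signature.getInstance("ML-DSA");
        v.initVerify(r.identity.getPublic());           // in a real deployment: the pinned identity key
        v.update(r.kemKeys.getPublic().getEncoded());   // in a real deployment: the key received on the wire
        if (!v.verify(kemPublicKeySignature)) {
            throw new SecurityException("ML-KEM public key signature failed; refusing to encapsulate");
        }
        KEM.Encapsulator e = KEM.getInstance("ML-KEM").newEncapsulator(r.kemKeys.getPublic());
        return e.encapsulate(); // key() is the 32-byte secret, encapsulation() is the ciphertext to send
    }

    public static void main(String[] args) throws Exception {
        Recipient recipient = new Recipient();
        byte[] sig = recipient.signKemPublicKey();

        KEM.Encapsulated enc = senderEncapsulate(recipient, sig);
        SecretKey senderSecret = enc.key();
        SecretKey recipientSecret = recipient.decapsulate(enc.encapsulation());

        // Constant-time comparison: both sides must hold identical bytes.
        boolean agreed = MessageDigest.isEqual(senderSecret.getEncoded(), recipientSecret.getEncoded());
        System.out.println("shared secret agreed: " + agreed);
        System.out.println("shared secret (hex): " + HexFormat.of().formatHex(senderSecret.getEncoded()));

        // Failure mode to know about: ML-KEM uses implicit rejection. A tampered ciphertext of
        // the right length does not throw; decapsulation returns a different, pseudorandom key.
        byte[] tampered = enc.encapsulation().clone();
        tampered[0] ^= 0x01;
        SecretKey wrong = recipient.decapsulate(tampered);
        boolean diverged = !MessageDigest.isEqual(senderSecret.getEncoded(), wrong.getEncoded());
        System.out.println("tampered ciphertext yields a different key, no exception: " + diverged);
    }
}
```

Two design points follow from that last block. Because a modified ciphertext produces a key rather than an error, the parties learn about tampering only when the first authenticated message fails, so the derived secret should always feed an AEAD and a transcript-bound KDF rather than being used raw. And the signature is what turns a bare KEM into an authenticated exchange; without it an on-path attacker can swap in their own ML-KEM public key and the encapsulation will succeed against it.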

blogs.vmware.com / 2 weeks ago

The Open Source Advantage: Building from Source for Ultimate Security


feeds.feedblitz.com / 1 month ago

Multi-Factor Authentication in Spring Security 7

Spring Security 7 introduces built-in support for multi-factor authentication, allowing developers to enforce multiple authentication steps using the existing authorization model....

vninja.net / 2 weeks ago

ESX Security Advice that Actually Matters in 2026

dzone.com / 3 weeks ago

Securing CI/CD Pipelines Against Supply Chain Attacks: Why Artifacts and Dependencies Matter More Than Ever

In highly automated engineering environments, the modern CI/CD pipeline has become a critical trust boundary. Every commit, build, and deployment represents an implicit decision to...

dzone.com / 3 weeks ago

Security in the Age of MCP: Preventing "Hallucinated Privilege"

We have officially crossed the Rubicon from "AI as a Chatbot" to "AI as an Operator." With the standardization of the Model Context Protocol (MCP) — the universal "USB-C for AI age...


Turn fresh research into a full content calendar

Use SocialBu to discover ideas, generate post drafts, and schedule them across your social channels.

Sources covering Maven Security

Recent coverage from public sources:

  • feeds.dzone.com
  • feeds.feedburner.com
  • rubyland.news
  • blogs.vmware.com
  • dev.to
  • devops.com