BTMOB RAT Spreads Across Brazil, LatAm via MaaS Model
An advanced remote access Trojan is propagating online. Notably, it's delivered via an operator licensing model and features a no-code malware-development interface.
No-code platforms can speed development but may introduce insecure workflows, excessive permissions, and data exposure when security controls are overlooked.
Search across headline titles and summaries.
Background for this topic.
No-code is software development through visual builders, forms, workflows, and pre-built components rather than hand-written application code. It lets non-specialists create internal tools, automate business processes, and connect services, while the platform usually operates the underlying runtime and infrastructure. The term can include low-code products, but this tag focuses on applications built with little or no custom programming.
Security risk often shifts from source-code flaws to configuration, identity, and data-flow decisions. A rapidly created app may expose sensitive records through excessive permissions, weak authentication, public sharing, or an unsafe third-party integration; embedded scripts, connectors, and uploaded secrets can also expand the attack surface. Security teams should maintain an inventory of no-code apps and their owners, review permissions and data retention, enforce approved connectors and secret handling, and assess vendor controls. Testing should cover authorization and workflow abuse, while logging and documented ownership support vulnerability remediation and incident response.
Weekly headline count for the current query.
An advanced remote access Trojan is propagating online. Notably, it's delivered via an operator licensing model and features a no-code malware-development interface.
BTMOB Android RAT sold as a service with a no-code builder for fast, regional phishing lures
Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. [...]
Microsoft puts the power of AI in the hands of everyday non-technical Joes. It's a nice idea, and a surefire recipe for security issues.
Identity Governance doesn't have to be complex or costly. tenfold's free Community Edition helps orgs (up to 150 users) streamline onboarding, access reviews & M365 permissions — all with a no-code IGA platform. [...]
Securing the no-code supply chain isn't just about mitigating risks — it's about enabling the business to innovate with confidence.
No-code and low-code platforms offer undeniable benefits. But when security is an afterthought, organizations risk deploying vulnerable applications that expose sensitive data and critical systems.
Low-code/no-code (LCNC) and robotic process automation (RPA) technologies allow companies to speed up development processes and reduce costs, but security is often overlooked. When this happens, the risks can outweigh the benefits.
While low-code/no-code tools can speed up application development, sometimes it's worth taking a slower approach for a safer product.
As the adoption of LCNC grows, so will the complexity of the threats organizations face.
Less-experienced users of Microsoft's website building platform may not understand all the implications of the access controls in its low- or no-code environment.
New Funding to Aid US Government Growth, Generative AI Security Product DevelopmentZenity has closed a $38 million Series B round to advance its agentic AI security platform and extend its no-code and low-code application support. With investment from Third Point Ventures and DTCP, the funding enables Zenity to cater to clients in sectors like financial services and healthcare.
Low-code/no-code (LCNC) and robotic process automation (RPA) have gained immense popularity, but how secure are they? Is your security team paying enough attention in an era of rapid digital transformation, where business users are empowered to create applications swiftly using platforms like Microsoft PowerApps, UiPath, ServiceNow, Mendix, and OutSystems? The simple truth is often swept under
Criminal IP, a leading Cyber Threat Intelligence search engine, has formed a powerful alliance with Tines, a renowned provider of no-code automation solutions. [...]
Nokod Security is building a platform that enables organizations to secure in-house low-code/no-code custom applications by scanning for security and compliance issues and applying remediation policies
Blink Copilot - a true no-code platform for automating security and IT operations workflows. It is now possible for any security professional to generate automated workflows by just typing a prompt. [...]
With the introduction of generative AI, even more business users are going to create low-code/no-code applications. Prepare to protect them.
Getting a handle on the new risks facing appsec by low-code/no-code development patterns
How can we build security back into software development in a low-code/no-code environment?
No-code has lowered the barrier for non-developers to create applications. AI will completely eliminate it.