AppSec Santa

AppSec Santa Weekly

New AppSec tools and the latest releases from 196+ existing ones — delivered every Tuesday. Be the first to know what shipped.

Latest Issues

Newsletter · 22 releases tracked

#3 — TeamPCP Hits Five Ecosystems, Axios Gets Hijacked, Agentic Security Goes Mainstream

Week of March 25-31, 2026: TeamPCP compromises LiteLLM, Telnyx, Checkmarx KICS. axios npm hijacked (~100M weekly downloads). SonarQube 2026.2 with AI CodeFix. OSV-Scanner v2.3.5 adds Python transitive scanning. Frida 17.9 brings eBPF spawn gating. 22 releases across 6 categories.

Newsletter · 25 releases tracked

#2 — RSAC 2026 Opens: AI Agent Security Dominates, Trivy Compromised Twice

Week of March 17-24, 2026: RSAC 2026 opens with AI agent security from Snyk, CrowdStrike, Microsoft, Palo Alto. Trivy GitHub Action compromised twice via tag poisoning. Semgrep Multimodal launches. Google completes $32B Wiz deal. 25 releases across SCA, IaC, SAST, Mobile, ASPM.

Newsletter · 29 releases tracked

#1 — OpenAI Acquires Promptfoo, SCA Leads with 9 Releases

First issue: OpenAI acquires Promptfoo, Mondoo raises $17.5M and ships v13, Gatekeeper v3.22 flips a production default, and SCA leads all categories with 9 releases.

What's Inside Each Issue

New · New on the Radar
Newly released tools and projects gaining traction fast.

Hot · Notable Releases
One line each — scan in 30 seconds, click what matters.

By Category · SAST, SCA, DAST & More
What changed in each category, with context on why it matters.

Trending · Star Watch
GitHub star movements, trending repos, rising projects.

Worth Reading · Curated Links
Blog posts, talks, research from the wider security community.

About This Newsletter

AppSec Santa Weekly is a free weekly newsletter that tracks new application security tools and the latest releases from 196+ existing ones across 10 categories. Each issue covers what shipped, what changed, and why it matters.

I built this for security engineers, DevSecOps teams, and anyone who wants to stay current on AppSec tooling without spending hours digging through GitHub releases and vendor blogs every week. I was already doing this research for AppSec Santa — the newsletter packages it into a 3-minute Tuesday read.

Frequently Asked Questions

What does AppSec Santa Weekly cover?

Each issue covers newly launched AppSec tools, version updates, and notable releases across 10 categories: SAST, SCA, DAST, IAST, RASP, AI Security, API Security, IaC Security, ASPM, and Mobile Security. I also highlight what changed, why it matters, and curated links worth reading.

How often is the newsletter published?

Every Tuesday. Each issue takes about 3 minutes to read. I cover the previous week's new tools and releases.

Who writes AppSec Santa Weekly?

I'm Suphi Cankurt — I've spent over 10 years in application security and I run AppSec Santa, an independent comparison site covering 196+ security tools. The newsletter is an extension of that research.

Is the newsletter free?

Yes, completely free. No premium tier, no paywalled content. I built this because I was already tracking these releases for AppSec Santa — the newsletter is just that research packaged into a weekly format.
