An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...

The XZ attack is a backdoor that reminds us our biggest open-source security threats are from decades of unlearned lessons.

Comet, Perplexity's new AI-powered web browser, recently suffered from a significant security vulnerability, according to a ...

With the addition of Intruder Cloud Security for Google Cloud Platform, customers can now run daily automated cloud scans and receive results directly alongside their existing vulnerability scanning ...

What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source community ...

A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.

The Shai-Hulud NPM worm highlights rising open-source supply chain threats. Secure builds with SBOMs, MFA, signed packages, and zero-trust defenses.

Cybercriminals are using a legitimate red teaming tool to automate the exploitation of n-day vulnerabilities, reducing the time businesses have to fix flaws from days to literal minutes.

A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...

MalTerminal, created before Nov 2023, shows earliest LLM-embedded malware, signaling new AI-driven cyber threats.