DevSecOps: Why SBOMs are not enough to manage modern software risks
Saša Zdjelar, September 26, 2024
SBOMs offer great insight into the software supply chain, but it takes strong controls to make the code secure.

Network Security: Critical vulnerabilities in Microchip ASF, MediaTek expose RCE risks
Steve Zurier, September 23, 2024
Security pros say teams should prioritize these two bugs because they potentially affect a wide range of IoT-based products.

Cloud Security: TeamTNT aims to take down cloud-based Docker containers, Kubernetes clusters
Steve Zurier, September 18, 2024
Security pros say TeamTNT's resurgence shows that attackers will always find new ways to attack the cloud.

DevSecOps: Seven ways to secure open-source software
David Balaban, September 17, 2024
Securing open-source software will take collaboration, innovation and a commitment to best practices.

Vulnerability Management: GitLab patches bug that could expose a CI/CD pipeline to supply chain attack
Steve Zurier, September 13, 2024
Security pros called this GitLab patch an urgent one because an exploited CI/CD pipeline could lead to a serious supply chain compromise.

Network Security: Lazarus Group tricks developers to load malware via fake recruiting tests
Steve Zurier, September 11, 2024
The latest iteration from the North Korean APT lures job seekers into downloading malware.

AI/ML: Copilot Autofix by GitHub launches
SC Staff, August 27, 2024
Copilot Autofix, which is integrated into GitHub Advanced Security, uses GitHub's CodeQL scanning engine and GPT-4o to detect and fix vulnerabilities in real time.

Cloud Security: TLS bootstrap attack gains access to Azure Kubernetes Services cluster
Steve Zurier, August 20, 2024
While Microsoft has patched the issue, security pros warn that teams need to audit their AKS clusters.