Popular Topics

Topics

About

Policies

Our Network

More

Security

Security | News, how-tos, features, reviews, and videos

news

GitHub upgrades tooling to help developers stop leaking secrets

Developers get free and targeted advanced secret scanning features on GitHub to protect organizations from exposed secrets.

Apr 3, 2025 3 mins
Data and Information Security GitHub Security
news

Google fixes GCP flaw that could expose sensitive container images

The flaw could allow attackers to access restricted container images, potentially leading to privilege escalation, data theft, and espionage attacks.

Apr 2, 2025 1 min
Cloud Security Containers Google Cloud Platform
news

Critical RCE flaws put Kubernetes clusters at risk of takeover

The vulnerabilities, dubbed IngressNightmare, can allow unauthenticated users to inject malicious NGINX configurations and execute malicious code into the Ingress NGINX pod, potentially exposing all cluster secrets and leading to cluster takeover.

Mar 26, 2025 1 min
Kubernetes Vulnerabilities
news

Open-source Styrolite project aims to simplify container runtime security

A programmable sandboxing tool, Styrolite locks down Linux kernel namespaces to provide lightweight sandboxes for container-based workloads.

Mar 26, 2025 4 mins
Application Security Containers Kubernetes
news

Warning for developers, web admins: update Next.js to prevent exploit

Install the latest version to close critical authorization bypass vulnerability.

Mar 25, 2025 3 mins
Development Tools Vulnerabilities Web Development
analysis

Google acquires Wiz: A win for multicloud security

With a holistic view geared toward preventing security breaches and integration with all major cloud providers, Wiz is a definite asset to the Google ecosystem.

Mar 25, 2025 5 mins
Cloud Security Google Cloud Platform Multicloud
feature

Learning AI governance lessons from SaaS and Web2

The governance journeys of SaaS and Web2 tell us that today’s ad hoc AI governance will give way to a continuous and automated approach.

Mar 24, 2025 6 mins
Data Governance DevSecOps Generative AI
news

Developers: apply these 10 mitigations first to prevent supply chain attacks

Current cybersecurity development risk frameworks don’t cover all of the tactics hackers used to compromise SolarWinds, log4j, or XZ Utils, says report, which offers a 'starter kit' of critical tasks.

Mar 20, 2025 6 mins
Development Approaches Devops Threat and Vulnerability Management
news

GitHub suffers a cascading supply chain attack compromising CI/CD secrets

CISA confirms cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.

Mar 19, 2025 5 mins
CI/CD Data Breach Developer
news

Thousands of open source projects at risk from hack of GitHub Actions tool

Researchers say compromised tool in the GitHub CI/CD environment stole credentials; infosec leaders need to act immediately.

Mar 17, 2025 5 mins
Data Breach GitHub Vulnerabilities