Application Security | News, how-tos, features, reviews, and videos
Leaky Vessels container escape vulnerabilities in Docker runc and other container runtimes potentially break the isolation layer between container and host operating system.
A significant percentage of the 50,000 most-downloaded npm packages are deprecated or have a deprecated dependency but provide no warning.
The company also releases advisories for high-severity data leaks and denial-of-service issues across multiple products, including Jira and Confluence.
For the first time, attackers are exploiting a known security risk in a popular MSBuild feature to place hard-to-detect malicious files in the .NET repository.
GitGuardian's new free service lets organizations check for exposed secrets from a database of 20 million records.
The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks.
Package manifests in the npm registry are not validated against metadata files in the package itself, leaving the door open for attackers.
Researchers use the OpenSSF Scorecard to measure the security of the 50 most popular generative AI large language model projects on GitHub.
Threat actors are concealing campaigns to evade detection and establish stronger footholds in compromised systems.
The threat actor created fake personas on Twitter for researchers at a non-existent security firm.