AI's integration across enterprise platforms is "rapidly expanding the global attack surface." Here are five action items for your team.
Read More about Securing generative AI: 5 action items to protect your organization
AppSec experts and software risk managers say doing security checks earlier isn't enough. Here's why — and what else organizations should do.
Read More about Going beyond 'shift left': Why shared responsibility is key to risk management
The study, from the Linux Foundation, OpenSSF, and Harvard, highlights key open-source risk areas. Here's what you need to know.
Read More about Census III study spotlights ongoing open-source software security challenges
Here's what's driving the compliance-as-security trend — and why it's essential to go beyond checkbox cybersecurity amid a rapidly changing threat landscape.
Read More about Compliance as cybersecurity: A reality check on checkbox risk management
Here’s what the 2024 8-K security-incident filings are all about, lessons to be learned — and the bigger picture for cybersecurity.
Read More about SEC cybersecurity disclosures and lessons to be learned: A timeline
To avoid compromised packages being introduced as a dependency in a larger project, security teams need to keep an eye peeled for such malicious code.
Read More about A new playground: Malicious campaigns proliferate from VSCode to npm
Ransomware kept its stride in 2024. In 2025, threat actors are moving toward targeting key parts of the software supply chain. Here are key lessons.
Read More about The year in ransomware: Security lessons to help you stay one step ahead
Hacks of rspack, vant highlight the growing trend of cryptomining compromises spreading via top open-source packages.
Read More about OSS in the crosshairs: Cryptomining hacks highlight key new threat
The new NCSC lead warned that cybersecurity risk is 'widely underestimated.' But experts say AI could close the gap — if the industry comes together.
Read More about U.K. cybersecurity chief warns of gap between risks and defenses
Four firms have been fined for playing down how the SolarWinds attack impacted them. It’s part of a government push for greater supply chain transparency.
Read More about SEC action raises the bar on software transparency
Google researchers using OSS-Fuzz have identified 26 vulnerabilities, but experts warn that AI fuzzing is not a panacea for AI/ML security.
Read More about AI-based fuzzing targets open-source LLM vulnerabilities
A compromised build environment led to a malicious deployment of a popular AI library that had the potential of delivering other malware.
Read More about Compromised ultralytics PyPI package delivers crypto coinminer
Whether it is managing a data lake, orchestrating CI/CD pipelines, or safeguarding data, your security needs are evolving — and so must your strategy.
Read More about Secure Your AWS Environments: Go Beyond Traditional Tooling in 2025
Two recent versions of the Solana web3.js open source library were infected with code to steal private keys, putting crypto platforms and wallets at risk.
Read More about Malware found in Solana npm library raises the bar for crypto security
The RL community's search interface allows software development teams to quickly assess risk before choosing or updating open source NuGet packages.
Read More about .Net Devs Can Now Vet NuGet Packages with the Spectra Assure Community