Why AI and cloud-native are security game-changers
Yesterday's security practices can't tackle today's risks, a new CSA guide notes — making updating tooling essential.
Featured
Why AI and cloud-native are security game-changers
New Shai-hulud worm spreads: What to know
A wave of malware has spread to 795 npm packages — and been downloaded more than 100 million times.
RL Threat Intelligence: Context Changes Everything
Learn how the ReversingLabs Browser Extension operationalizes RL threat intelligence cloud in powerful ways.
Latest
Why AI and cloud-native are security game-changers
Yesterday's security practices can't tackle today's risks, a new CSA guide notes — making updating tooling essential.
RL Threat Intelligence: Context Changes Everything
Learn how the ReversingLabs Browser Extension operationalizes RL threat intelligence cloud in powerful ways.
New Shai-hulud worm spreads: What to know
A wave of malware has spread to 795 npm packages — and been downloaded more than 100 million times.
Bootstrap script exposes PyPI to domain takeover attacks
Proving the road to takeover is paved with setuptools alternatives, the script for a popular Python package for building and installing PyPI packages leaves them vulnerable.
OWASP Top 10 tackles supply chain risk
The Open Worldwide Application Security Project’s widely used AppSec priority list is expanding to cover systemic risk.
Software quality's decline: How AI accelerates it
Development is in freefall toward software entropy and insecurity. Can spec-driven development help?
CTEM advances vulnerability management
Gartner's Continuous Threat Exposure Management model represents an evolution from CVSS. Here’s what you need to know.
Vet PowerShell Modules with Spectra Assure Community
PowerShell's broad use and open access make it an attractive target for supply chain attacks. Here's how Spectra Assure Community can help.
AI vulnerability reporting fails maintainers
Google and others are inundating developers with AI-driven reporting. Are AI-enabled fixes the answer?
MITRE ATT&CK v18: What’s in it — and why it matters
Learn what’s been added to the framework — and how you can use it to advance your threat detection and response.
New AI security tool lays out key exposures
Risk Rubric gives assessments for LLM transparency, security and more. But it's only one tool in your AI security toolbox.
Evaluating YARA Rules for macOS Malware Hunting
With this evolving malware domain, you need clear, specific, and accurate YARA rules. Here's how Spectra Analyze can help.
How PowerShell Gallery simplifies attacks
PowerShell Gallery’s Install-Module command presents one key link in the kill chain of a possible attack.
Why core security controls for vibe coding are critical
Vibe coding is not going away — and the threat is real. But are developer tools like VibeSec that shift controls left up to the job?
AI is ramping up coding velocity — and risk
AI is producing code up to four times faster — but with 10 times more AppSec lapses. Here’s what you need to know.