Security

A Dune-themed malware campaign targeting the PyTorch Lightning library highlights how AI/ML supply chains are becoming prime targets for sophisticated attacks.

Nearly two years after the xz Utils backdoor shocked the open source world, the supply chain security landscape has changed — but not enough.

Supply chain security frameworks like SLSA and SBOM requirements are moving from recommendations to mandates. Here’s what developers need to know about the shifting landscape.

NIST’s post-quantum cryptography standards are finalized, and the migration timeline is no longer theoretical — it’s operational.

A supply chain attack on the popular Ultralytics YOLO package highlights the persistent vulnerability of the Python ecosystem’s distribution pipeline.

November’s Patch Tuesday brought critical zero-days being actively exploited, reminding us that patch management is still the unglamorous foundation of security.

CISA’s Secure by Design initiative is moving from voluntary pledges to measurable industry impact, and software vendors are starting to feel the pressure.

The EU’s latest push to scan encrypted messages reignites the fundamental debate about whether governments can mandate backdoors without destroying security for everyone.

AWS re:Inforce 2025 puts AI workload security front and center, with new guardrails, identity controls, and data protection features that signal where cloud security is headed.

Another wave of malicious npm packages reminds us that JavaScript’s dependency ecosystem remains one of software’s biggest security challenges.

A surge of active exploitation targeting Fortinet and Ivanti edge devices highlights the persistent vulnerability of network perimeter infrastructure.

CVE-2025-1974 and related vulnerabilities in the Kubernetes ingress-nginx controller allow unauthenticated remote code execution, affecting an estimated 40% of Kubernetes clusters.