Security

The Lapsus$ hacking group has breached both Okta and Microsoft, exposing critical weaknesses in identity provider security and third-party access management.

A popular npm package was deliberately sabotaged by its own maintainer, raising urgent questions about supply chain trust in open source.

As conflict erupts in Ukraine, destructive wiper malware targeting critical infrastructure signals a new chapter in state-sponsored cyber operations.

The Linux Foundation’s new Alpha-Omega Project, backed by Google and Microsoft, aims to systematically improve the security of critical open source software.

The White House convened tech leaders to address open source security after Log4Shell. Here’s what was discussed and what it means for developers.

A week after Log4Shell, the patching chaos continues. But the bigger lesson is about software supply chain security and why we need SBOMs now.

A critical remote code execution vulnerability in Apache Log4j has sent the entire industry scrambling. Here’s what you need to know and do right now.

Popular npm packages coa and rc were hijacked to distribute malware, impacting thousands of projects and raising urgent questions about supply chain security.

The popular ua-parser-js npm package was hijacked to deliver cryptominers and credential stealers, affecting millions of weekly downloads.

The OWASP Top 10 gets its first update since 2017, and the changes reflect how fundamentally our attack surface has evolved.

The OMIGOD vulnerabilities in Azure’s silently-installed OMI agent expose a troubling pattern: cloud providers deploying software on your VMs without your knowledge or consent.

The critical Confluence Server RCE vulnerability is being actively exploited in the wild, raising urgent questions about the sustainability of self-hosted enterprise software.