A compromised GitHub Action exposed secrets from thousands of repositories, highlighting how CI/CD pipelines have become prime targets for supply chain attacks.
With Kubernetes pushing security features to GA and CISA issuing container hardening guidance, the container ecosystem is maturing on security. Here’s what matters for platform teams.
The Chinese state-sponsored Salt Typhoon campaign breached the US Treasury Department, exposing how even the most security-conscious organizations remain vulnerable.
The Salt Typhoon campaign has compromised major US telecoms at a staggering scale. What developers and architects need to understand about this ongoing threat.
The Salt Typhoon campaign has compromised major US telecom providers, exposing the fragility of critical infrastructure and the growing sophistication of state-sponsored cyber operations.
A chain of vulnerabilities in CUPS, the Linux printing system, enables remote code execution — and highlights how forgotten infrastructure becomes a security liability.
The polyfill.io domain was acquired by a Chinese company and began injecting malware into over 100,000 websites, exposing fundamental weaknesses in how we trust third-party CDN dependencies.
Microsoft pulls Windows Recall from the upcoming Copilot+ PC launch after security researchers demonstrate alarming vulnerabilities in the feature’s data storage.
RSA Conference 2024 kicks off in San Francisco with AI dominating every conversation. But beneath the marketing buzz, there are real security challenges emerging that practitioners need to face.