Modal Title
STORIES BY Steven J. Vaughan-Nichols
Synopsys’s Report: What Apps Don’t Have Security Holes?!
Oxeye Finds Bad Spotify Backstage JavaScript Vulnerability
The Dropbox GitHub Data Breach
Kubernetes Networking Bug Uncovered and Fixed
Need to Sign Your Code and Haven’t a Clue? Sigstore Can Help
PurpleUrchin: GitHub Actions Hijacked for Crypto Mining
Caliptra: Building Cloud Security from the Chip up
Alpha-Omega Dishes out Cash to Secure Open Source Projects
Rust in the Linux Kernel
Kubernetes Has a ‘Windows Running as Root’ Problem
Uber Hack: It’s the Simple Things That Kill Your Security
Shikitega: New Malware Program Targeting Linux
OpenSSF Brings SBOM and SDPX to Python
NSA Software Supply Chain Guidance
Ubuntu Linux and Azure DNS Problem Gives Azure Fits
Roblox and Discord Become Virus Vectors for New PyPI Malware
Google Cloud Stops Monster DDoS Attack
Okta: Zero Trust Adoption Accelerates
Intel SGX: Not So Safe After All, ÆPIC Leak
Google Ups Its Linux Security Awards
It’s Time to Normalize Cyberattack Data
Npm to Adopt Sigstore for Software Supply Chain Security
GitHub Repositories Weren’t Hacked
Aqua Security Puts Its Money Where Its Claims Are
The US Govt and Corps Look to Fill 700K Cybersecurity Jobs
Log4j: The Pain Just Keeps Going and Going
AWS Customers Can Now Order a Free MFA Security Key
OpenSSL Heap Memory Corruption Vulnerability Fixed