Cloud Security | Malicious Python package collects AWS credentials via 37,000 downloads | Steve Zurier | November 7, 2024 | Socket researchers say malicious package "Fabrice" has been live on PyPI since 2021.
Identity | Okta to help developers integrate identity management into AI customer agents | Shaun Nichols | October 17, 2024 | Okta is adding new tools to help companies manage and secure their AI-based agents.
Network Security | Command-jacking used to launch malicious code on open-source platforms | Steve Zurier | October 14, 2024 | Attackers hijack legitimate commands and run malicious code to launch supply chain attacks.
DevSecOps | Why SBOMs are not enough to manage modern software risks | Saša Zdjelar | September 26, 2024 | SBOMs offer great insight into the software supply chain, but it takes strong controls to make the code secure.
Network Security | Critical vulnerabilities in Microchip ASF, MediaTek expose RCE risks | Steve Zurier | September 23, 2024 | Security pros say teams should prioritize these two bugs because they potentially affect a wide range of IoT-based products.
Cloud Security | TeamTNT aims to take down cloud-based Docker containers, Kubernetes clusters | Steve Zurier | September 18, 2024 | Security pros say TeamTNT’s resurgence shows that attackers will always find new ways to attack the cloud.
DevSecOps | Seven ways to secure open-source software | David Balaban | September 17, 2024 | Securing open-source software will take collaboration, innovation and a commitment to best practices.
Vulnerability Management | GitLab patches bug that could expose a CI/CD pipeline to supply chain attack | Steve Zurier | September 13, 2024 | Security pros called this GitLab patch an urgent one because an exploited CI/CD pipeline could lead to a serious supply chain compromise.