5 Myths about CVEs
Anyone who works in the software industry knows that stigma can be attached to CVEs, or “common vulnerabilities and exposures” …
Open Source
Neglecting Open Source Developers Puts the Internet at Risk
From creating a software bill of materials for applications your company uses to supporting open source projects and maintainers, …
Hacking anything with GNU Guix
Perhaps my favourite feature of Guix is . It is one of those tools that I don’t know how to do …
15-Year-Old Python Bug Let Hacker Execute Code in 350k Python Projects
The cybersecurity researchers at Trellix have recently identified a 15-year-old Python bug that has been found to potentially impact …
Python tarfile vulnerability affects 350,000 open-source projects (CVE-2007-4559)
Trellix Advanced Research Center published its research into CVE-2007-4559, a vulnerability estimated to be present in over 350,000 …
Security alert: new phishing campaign targets GitHub users
On September 16, GitHub Security learned that threat actors were targeting GitHub users with a phishing campaign by impersonating CircleCI …
WebAssembly’s Wasmtime 1.0 Revamps Security, Performance
The WebAssembly runtime Wasmtime version 1.0 has been released, with updates to improve the Wasmtime’s security posture and performance. …
350K Open-Source Projects At Risk of Supply Chain Vulnerability
Trellix has announced the establishment of the Trellix Advanced Research Center, a facility and project aimed at creating real–time …
Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign
Threat actors targeted tens thousands of unauthenticated Redis servers exposed on the internet as part of a cryptocurrency campaign. Redis, …
Open Source Repository Attacks Soar 700% in Three Years
The volume of malicious activity targeting upstream open source code repositories has hit triple-digit growth over the past three years, …
Shadow SaaS Integrations: A Growing Security Risk
The state of SaaS integration security has been top of mind for security practitioners of late, as SaaS-to-SaaS integrations are rapidly …
5 Ways Data Protection for Kubernetes Is Different
What are the differences between Kubernetes data protection and the more traditional data protection offerings, even though such products …
The Growing Security Risk of Shadow SaaS Integrations
The state of SaaS integration security has been top of mind for security practitioners of late, as SaaS-to-SaaS integrations are rapidly …
Security buzzwords to avoid and what to say instead
Technology is a little famous for coming up with “buzzwords.” Other industries do it, too, of …