Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.

A critical vulnerability was recently discovered in Imunify360 AV, a security scanner used by web hosting companies to protect over 56 million websites. An advisory by cybersecurity company Patchstack ...

Mythos combined four separate low-severity bugs into a complete browser sandbox escape. Traditional scanners evaluate ...

OpenAI has launched Codex Security, an AI-powered vulnerability scanner, in research preview for ChatGPT Pro, Enterprise, and Edu users. Formerly known as Aardvark, the tool aims to reduce false ...

Kaspersky observed a threat actor called ToddyCat abusing a bug in ESET's cybersecurity solution The group used a now-patched flaw to deploy a piece of malware called TCESB Users are advised to patch ...

Cloud environments are dynamic by design. New identities are created, policies adjusted, and workloads deployed or retired several times a day. Yet many organizations continue to rely on scanning and ...

Enkrypt AI unveils MCP Scanner following analysis of 1,000 MCP servers that revealed alarming security gaps. Researchers uncovered a malicious Postmark MCP server that silently exfiltrated every email ...

State and local government IT teams face a constant flood of vulnerability alerts. With tens of thousands of new common vulnerabilities and exposures (CVEs) published every year, security teams must ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

It's not clear how many people were compromised by this hacking campaign, but a security researcher said the hackers were ...

In software development, security reviews often act as a bottleneck. While AI agents are helping developers write code faster than ever, the teams responsible for checking that code for ...