Application Security | News, how-tos, features, reviews, and videos
Google's OSS-Fuzz, now using LLMs to generate fuzz targets, can help find vulnerabilities and can be paired with an automated patching pipeline.
A third-party action used by Bazel's GitHub Actions workflow could have permitted malicious code injection into the workflow, highlighting the risk posed by third-party dependencies in CI pipelines.
The Leaky Vessels container-escape vulnerabilities in runc (the runtime used by Docker) and other container runtimes can break the isolation layer between a container and the host operating system.
A significant percentage of the 50,000 most-downloaded npm packages are either deprecated or depend on a deprecated package, yet install without any warning.
Atlassian also released advisories for high-severity data-leak and denial-of-service issues across multiple products, including Jira and Confluence.
Attackers are, for the first time, exploiting a known security risk in a popular MSBuild feature to plant hard-to-detect malicious files in the .NET package repository.
GitGuardian's new free service lets organizations check whether their secrets appear in a database of 20 million exposed records.
The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks.
The npm registry does not validate the manifest it serves for a package against the package.json inside the published tarball, so the two can disagree on dependencies and install scripts (manifest confusion), leaving the door open for attackers.
Researchers used the OpenSSF Scorecard to measure the security posture of the 50 most popular generative AI and large language model projects on GitHub.