The biggest supply-chain attacks in 2024, Top 10 web hacking techniques, whoAMI: A cloud image name confusion attack, Malicious Code & Vulnerabilities
RapidFort's Community Images: A Cost-Effective Solution for Enhanced Container Security Management
Measuring LLM Package Hallucination, Reviving Abandoned S3 Buckets, Maven begins validating Sigstore signatures, and Go Module Proxy cache abuse
I have a new Job! OSS usage trends, us-east-1.com DNS insights, CVEs for EOL versions, Palantir's security practices, OSS health checks, OSV-Scanner v2.0.0-beta1
Executive Order 14144, Homebrew warnings, Google’s Patch Rewards, StackOverflow's decline, GitHub antics, and insights on the Cyber Resilience Act
Exploring OSS Vulnerabilities, Google’s OSV Growth, GitHub Actions Security, Snyk's Controversy, CNCF Fuzzing Insights, and More
Explore the public availability of affected functions for OSS vulnerabilities and why vendors are spending millions to build private datasets.
Veracode Acquires Phylum, AWS RCE Vulnerabilities, Elastic CVE Reduction, 2024 CVE Review, PyPI Quarantine, Bundler Checksums, Python Malware Detection
Happy New Year! GitHub Cache-Native Malware, Hijacking Chrome Extensions, 2024 Blog Recap, Microsoft using third-party domains
GitHub tackles workflow vulnerabilities, finding undisclosed vulnerabilities using LLMs, container image signing, chasing quality OSS license data, OSS funding report
