As more organizations shift to cloud-native application development to support new business features and digital transformation initiatives, software supply chain issues have become more...

Many vulnerabilities that ransomware operators used in 2022 attacks were years old and paved the way for the attackers to establish persistence and move...

In the world of security, there is no completely secure application or piece of software. At any point in time, a new vulnerability can...

As we pass the first anniversary of the Log4j vulnerability disclosure, it's a timely reminder that when a vulnerability is serious, it deserves our...

by Paul Ducklin PyTorch is one of the most popular and widely-used machine learning toolkits out there. (We’re not going...

Can we build a defensible Internet? To improve the security of the Internet and the cloud applications it supports in 2023, we need to...

The security industry collectively loses its mind when new vulnerabilities are discovered in software. OpenSSL is no exception, and two new vulnerabilities overwhelmed news...

A subgroup of the state-backed Iranian threat actor Cobalt Mirage is using a new custom malware dubbed "Drokbk" to attack a variety of US...

YOKOHAMA, Japan, Dec. 5, 2022 — The Open Source Security Foundation (OpenSSF), a cross-industry organization hosted at the Linux Foundation that brings together the world’s...

The Log4j vulnerability continues to present a major threat to enterprise organizations one year after the Apache Software Foundation disclosed it last November —...

A family moves into their dream home, only to be plagued by ominous letters, a strange tenant, and sinister threats. Sound familiar?It should. This...

An unpatched VMware Horizon server allowed an Iranian government-sponsored APT group to use the Log4Shell vulnerability to not only breach the US Federal Civilian Executive Branch...