Linux Kernel's New Shield Against TPM Interposer Sneak Attacks
TPM chips were supposed to be the unbreakable guardians of your PC's secrets. Turns out, they're vulnerable to interposer attacks — and Linux just patched the hole.
What if your SSH login name was secretly executing code? OpenSSH 10.3 just fixed that nightmare — plus more housekeeping that old servers won't like.
Open source maintainers are drowning in bugs — now Big Tech's dropping $100M in AI firepower to save them. Project Glasswing promises patches at scale, but skeptics wonder if it'll deliver.
Containers ship vulns faster than you can say 'supply chain attack.' GitLab's scanning suite — from CI jobs to vulnerability dashboards — aims to fix that, but does it scale for real-world chaos?
Your SAST scan just dumped 47 alerts. Forty are junk. GitLab 18.10's AI says it'll sort the mess—and even patch it for you. Really?
Over 1,000 NIST controls? GitLab said no thanks. They forged the GitLab Control Framework (GCF) from their own fiery needs, proving custom beats cookie-cutter in the security arena.
Linux insiders expected USB devices to stay a blind spot for kernel-level defenses. This hid-omg-detect driver flips the script, passively scoring shady plugs without blocking legit ones.
Imagine running your trusted vulnerability scanner—only for it to steal your cloud keys. That's what hit four open-source tools in March 2026, all via pipelines.
Security pros, picture this: no more endless manual dismissals of test-file vulns across 100 repos. GitLab's auto-dismiss policies automate the drudgery, freeing you for real threats.
Picture this: 3 a.m. outage, prod's on fire, and your go-to fix is cluster-admin access. It works — until the breach report lands in your lap.
A clever SQL feature in Grafana turned into a remote code execution nightmare. Patches are out, but the real question is how many exposed instances are still ticking.
Supply chain attacks hit CI/CD hard last year—tj-actions, Nx, trivy-action compromised. GitHub's firing back with lockfiles and centralized policies in its 2026 Actions roadmap.