AI Just Dissected 1986 Apple Code—Open Source's Security Lifeline or Pipe Dream?
Mark Russinovich feeds vintage Apple II binary to an AI. It labels the code, explains the logic, spots a sneaky bug. Open source suddenly looks like the only sane bet.
In-depth coverage of the latest Security & Privacy developments, trends, and analysis — curated daily.
You're knee-deep in a repo, commit a stray API key, and bam—GitHub's secret scanning lights up like a Christmas tree. But is this savior suite really as straightforward as it seems?
Nine kernel bugs in AppArmor—hidden since 2017—let unprivileged users become root, bust out of containers, and crash entire systems. Over 12 million enterprise Linux instances are exposed. Here's what you need to know (and patch) today.
npm audit passed the event-stream package 847 times before it stole cryptocurrency wallets. A new Rust-based scanner is changing how developers think about dependency safety.
Bots are scanning your server's default SSH port this very second. Here's how to lock down Linux infrastructure before they get in.
Forget spy-free promises from Big Tech. Maple Linux 1.4, straight from Ontario, boots clean and respects your data like a true northerner.
A developer built a free VS Code extension after nearly pushing a live Stripe key to GitHub. EnvGuard now catches 30+ types of secrets before they escape into the wild.
GitHub's March 2026 update isn't just another incremental feature drop. It's a signal that secret detection is finally catching up to how developers actually build—with AI.
The maintainer of ESLint just laid bare what developers won't say publicly: npm—the backbone of JavaScript—is held together with duct tape and good intentions. And GitHub's recent security push? Not nearly enough.
TeamPCP just demonstrated something terrifying: a worm that doesn't need human help to spread through open source ecosystems. It compromised npm tokens, poisoned packages, and used blockchain to stay untouchable.
A new supply-chain attack is hiding malicious code in plain sight using invisible Unicode characters. Traditional defenses? Completely useless.
Security cannot be an afterthought. These open source tools provide application scanning, container security, runtime protection, and more, all without vendor lock-in or license fees.