Trivy's Poisoned Release: One Malicious Version Hits Thousands of Pipelines
Imagine your go-to vulnerability scanner suddenly phoning home with your secrets. That's exactly what Trivy v0.69.4 did to unsuspecting users last week.
Yes, Semgrep is free. No, that doesn't mean it catches all your vulnerabilities. Here's the uncomfortable truth about what the open-source version can and can't do.
Docker's decision to open-source Hardened Images changes the security game for containerized applications. Here's what you need to know.
TeamPCP just demonstrated something terrifying: a worm that doesn't need human help to spread through open source ecosystems. It compromised npm tokens, poisoned packages, and used blockchain to stay untouchable.
A new supply-chain attack is hiding malicious code in plain sight using invisible Unicode characters. Traditional defenses? Completely useless.