Skip to main content

Tag: software security

43 articles

Cluttered software development workspace with laptop and monitor on a desk.

AI-Generated Code Exposes Governance Gaps in Security Debt

AI-generated code is being produced at alarming rates, but with a catch: nearly half of it contains security flaws, highlighting a pressing need for new approaches to managing security debt. As software creation accelerates, companies must adapt their security strategies to keep pace with the rapid accumulation of vulnerabilities.

Analyst 207
Software development workspace with laptop, notes, and diagrams, set against a blurred office background.

Governments Struggle to Secure Open-Source Software

The alarming reality is that years of underinvestment in open-source software security are catching up with us, with a new supply chain compromise emerging almost every week. A recent scan by Project Glasswing found over 6,000 high-risk vulnerabilities in popular open-source projects, but only a tiny fraction have been patched.

Analyst 207
Laptop on a neutral surface surrounded by cybersecurity and coding items in a bright lab setting.

OpenAI Bolsters Cybersecurity Push with GPT-5.5-Cyber Update

OpenAI just unveiled its latest game-changer: GPT-5.5-Cyber, a powerhouse model that supercharges vulnerability detection and patching, while retaining its impressive general-purpose intelligence. This cutting-edge update is part of a broader push to revolutionize software security.

Analyst 207
Dimly-lit data center with rows of computer workstations and server racks.

Open Source Faces Hard Fork Amid AI-Fueled Security Crisis

The open source community is facing a daunting security crisis fueled by AI, giving rise to a new category of threat dubbed "Mythos" - a complex chain of low-level issues that can be combined to create devastating attacks. This emerging threat is not just a single bug or false positive, but a game-changing phenomenon that demands immediate attention.

Analyst 207
Cluttered workshop with scattered electronics and concerned people.

Open Source Community Unprepared for EU's Cyber Resilience Act

The open source community is lagging behind on cybersecurity readiness, with stagnating awareness and a lack of preparedness for the EU's Cyber Resilience Act, which requires minimum security standards for hardware and software products by December 2027. It's time for urgent action to avoid falling short of compliance.

Analyst 207
Empty seats face a podium in a formal conference setting.

CISA Warns of Open-Source Vulnerabilities Amid Delayed Security Improvements

The open-source community's rapid vulnerability discovery is a pressing concern, with the tempo of exploitation accelerating and straining traditional defensive practices, according to CISA's acting director Nick Andersen. He warns that this situation will require hard security decisions to mitigate the risks to federal and private networks.

Analyst 207
Developer working on laptop in modern workspace with code snippets and technical diagrams nearby.

Microsoft Unveils AI-Powered Red Teaming Tools to Bolster Software Security

Microsoft is shifting the conversation around AI safety from philosophical debates to hands-on action, empowering developers to build more secure software with innovative tools. With the launch of Rampart, a cutting-edge red-teaming tool, the company is putting AI-powered security into practice, helping developers proactively identify and fix vulnerabilities.

Analyst 207
Researcher in lab setting interacts with complex AI technology setup.

Measuring AI Security Effectiveness Proves Elusive

Measuring AI security effectiveness is a complex challenge that can't be reduced to a single score or benchmark. Relying on benchmarks alone simply doesn't work when it comes to safeguarding AI systems.

Analyst 207
Rows of computer servers and coding workstations in a brightly-lit, neutral-colored software development environment.

Trellix Source Code Breach Exposes Repository Vulnerability

Trellix recently identified a security breach that compromised a portion of its source code repository, prompting an immediate investigation with leading forensic experts and notification of law enforcement. The company has assured that there's no evidence its source code release process was affected or exploited - yet.

Analyst 207
Researcher working on a project with a large monitor displaying an abstract representation in a clean lab setting.

Anthropic Expands Claude Security Model to Cybersecurity Platforms

Anthropic's Claude Security Model just got a major upgrade, now helping cybersecurity platforms detect and fix software flaws faster than ever. With its advanced capabilities, Claude Security provides detailed vulnerability explanations, confidence rankings, and even generates step-by-step patch instructions.

Analyst 207
Software developer's workstation with laptop, notes, and papers, set against a blurred office background.

Anthropic's AI Model Exposes Code Flaws, But Limitations Remain

Meet Mythos, a game-changing AI tool that automates code auditing with impressive accuracy, but isn't quite a magic bullet for uncovering entirely new software flaws. It's highly effective at spotting known vulnerabilities, but its capabilities are still limited to what humans have taught it.

Analyst 207
Person holding a blueprint of a bank vault in a modern office setting.

Cal.com Shifts Away From Open Source Amid AI-Driven Security Concerns

Cal.com is ditching open source, citing AI-driven security risks that make transparent code a liability. Its CEO claims open source is dead, as AI tools empower attackers to exploit published code like never before.

Analyst 207
Robotic arm repairs cracks in shield against dark background with glowing circuits.

AI Bolsters Software Security with Enhanced SAST Accuracy

Can artificial intelligence revolutionize software security by supercharging SAST accuracy and making testing a breeze for developers? By harnessing the power of AI, organizations can potentially transform the way they identify and fix vulnerabilities, without slowing down their software builders.

Analyst 207
Axios Backdoor: Critical npm Supply Chain Attack Unleashes Devastating RAT Malware

Axios Backdoor: Critical npm Supply Chain Attack Unleashes Devastating RAT Malware

A single compromised account has triggered a critical supply chain attack on Axios, a widely-used JavaScript library, unleashing devastating RAT malware and putting millions of developers worldwide at risk. This shocking breach highlights the urgent need for more stringent security measures to protect our global software ecosystem.

Analyst 207
LLMs Find Zero-Days Faster: Stunning, Dangerous Shift

LLMs Find Zero-Days Faster: Stunning, Dangerous Shift

Large language models are now reading and reasoning about code like expert researchers, pinpointing high‑severity zero‑days without the fuzzing and harnesses security teams rely on. That leap from brute‑force probing to targeted, pattern‑based discovery could make supposedly hardened software suddenly vulnerable—and forces defenders to rethink their playbook.

Analyst 207
Red Hat repositories Exclusive Critical Leak

Red Hat repositories Exclusive Critical Leak

Red Hat is scrambling after a hacking group called the Crimson Collective claims to have leaked roughly 570 GB from about 28,000 private repositories — including source code, internal notes and customer documents — a breach that could upend supply chains and privacy protections. If confirmed, assume exposure: rotate credentials, audit CI/CD and follow Red Hat’s guidance while investigators work to assess the full scope.

Analyst 207
XCSSET malware: Stunning, Dangerous Supply-Chain Threat

XCSSET malware: Stunning, Dangerous Supply-Chain Threat

Microsoft warns that XCSSET — a persistent macOS malware — has evolved to hide inside Xcode project files, so compromised developer builds can silently steal crypto, disable defenses, and spread to users. Developers and teams should lock down build environments, tighten project integrity checks, and treat supply‑chain security as mission‑critical to keep apps and users safe.

Analyst 207
Web Help Desk Critical Patch: Must-Have Fix for Risky RCE

Web Help Desk Critical Patch: Must-Have Fix for Risky RCE

SolarWinds has released a third hotfix for a critical CVSS 9.8 RCE in Web Help Desk, forcing admins to weigh urgent patching against potential operational disruption. Verify your version, apply the hotfix, and isolate helpdesk services now to shrink the attack window.

Analyst 207
supply chain attack: Stunning Near-Miss, Risky Lessons

supply chain attack: Stunning Near-Miss, Risky Lessons

A fast, coordinated open‑source response helped avert what could have been a massive npm supply‑chain breach, but the near miss raises urgent questions for developers, maintainers and policymakers about dependency hygiene, registry controls and long‑term resilience.

Analyst 207
crypto phishing Shocking Supply-Chain Nightmare

crypto phishing Shocking Supply-Chain Nightmare

One phishing click that reset a maintainer’s 2FA let attackers slip backdoors into at least 18 popular npm packages — including debug and chalk — turning trusted libraries into supply-chain landmines. It’s a wake-up call: human error can ripple through the entire ecosystem, so stronger authentication, multi-person publishing, and tighter dependency hygiene can’t wait.

Analyst 207
software procurement Must-Have Guide: Essential Security

software procurement Must-Have Guide: Essential Security

CISA’s new Software Acquisition Guide Web Tool puts buyers back in control of supply‑chain risk with practical checklists, vendor assessment criteria and contract language to make secure software purchasing repeatable and auditable. If adopted thoughtfully, it can turn procurement from a blind spot into a frontline defense—though success will hinge on implementation, resources and market incentives.

Analyst 207
Secure Software Development: Must-Have Best Practices

Secure Software Development: Must-Have Best Practices

Worried about the security of the software we all depend on? Join NIST NCCoE’s interactive DevSecOps virtual event on August 27, 2025, to hear experts, learn practical secure development practices, and help turn security from an afterthought into a foundation for every project.

Analyst 207
Microsoft SharePoint Under Zero-Day Attack Despite Patch Failures

Microsoft SharePoint Under Zero-Day Attack Despite Patch Failures

In a digital world where collaboration is key, a troubling zero-day vulnerability in Microsoft SharePoint has left users vulnerable and questioning the reliability of their trusted platforms. With critical systems at risk and past patch failures haunting stakeholders, its time to address the urgent need for accountability in software security.

Analyst 207
June 2025 Patch Tuesday: Must-Have Critical Fixes

June 2025 Patch Tuesday: Must-Have Critical Fixes

June’s Patch Tuesday addresses 67 vulnerabilities across Windows, Office and related products — including at least one actively exploited — so patching isn’t optional anymore. Prioritize internet-facing and critical systems, apply temporary mitigations if needed, and reboot promptly to close the window for attackers.

Analyst 207