Axios npm Supply Chain Attack: Detection, Risks, and Mitigation Guide
On March 31, 2026, the cybersecurity community faced a major wake-up call when a widely trusted …
CI/CD security
CanisterWorm Spreads Through npm Accounts Stealing Tokens
A new supply chain malware campaign called CanisterWorm is targeting the npm ecosystem by compromising publisher …
AstraZeneca Data Breach – LAPSUS$ Allegedly Selling Internal Data
The hacking collective LAPSUS$ has resurfaced, claiming responsibility for a breach involving pharmaceutical giant AstraZeneca. The …
87% of Organizations Exposed: Known Exploited Vulnerabilities in Active Software
Datadog’s State of DevSecOps 2026 report delivers one of the clearest warnings yet: 87% of organizations …
Ruby Deserialization Vulnerability Enables RCE in Workers
A newly disclosed Ruby deserialization vulnerability in background job workers demonstrates how a single unsafe function …
GitLab Security Vulnerabilities Expose 2FA Bypass and DoS Risks
In modern DevSecOps environments, GitLab often sits at the heart of the software supply chain—managing source …
GitHub Actions Exploited by Shai Hulud v2 to Steal Secrets
The software supply chain faces a new and sophisticated threat: Shai Hulud v2, a malware campaign …
CNAPP vs. CSPM: How to Choose the Right Cloud Security Tool for Your Organization
As cloud adoption accelerates, securing dynamic and distributed cloud environments has become more complex than ever. …