Expert perspectives on application security, compliance, and emerging threats
StandardsThe Telnyx SDK compromise on PyPI presents your security team with a critical decision: do you restrict package installation at the perimeter, or do you allow flexibility and invest in runtime detecti
IncidentOn March 19, 2026, TeamPCP compromised Aqua Security s Trivy vulnerability scanner—a tool millions of developers rely on to find security flaws. The attackers didn t exploit a zero-day in the scanner
IncidentWhat Happened Mass exploitation of the PolyShell vulnerability in Magento Open Source and Adobe Commerce began on March 19th. Within days, attackers compromised 56.7% of all vulnerable stores. The att
IncidentWhat Happened Between late 2024 and early 2025, attackers compromised the Trivy vulnerability scanner s supply chain by stealing npm publish tokens. They backdoored more than 29 packages that Trivy de
Get weekly security insights and compliance updates delivered to your inbox.
IncidentWhat Happened Security researchers at Sansec discovered a critical vulnerability in Magento s REST API, designated PolyShell, that allows attackers to upload malicious files to e-commerce sites withou
IncidentWhat Happened On March 19, 2026, attackers compromised Aqua Security s Trivy vulnerability scanner through GitHub Actions. Trivy, with over 32,000 stars on GitHub, is a critical dependency in thousand
GeneralThe Conventional Wisdom Federal agencies are embracing OMB M-26-05 , which promises a shift from checkbox compliance to risk-based validation. This move aims to replace rigid, one-size-fits-all mandat
IncidentWhat Happened A recent campaign by the North Korean threat actor group Famous Chollima involved the publication of 26 malicious packages to the npm registry. These packages deployed a cross-platform r
IncidentThe Surge in API Attacks In the first half of 2025, small and medium-sized businesses (SMBs) faced over 1.45 billion attacks, with API-targeted exploits increasing 74 times compared to previous period
StandardsThe Challenge Your platform engineering team might be managing multiple Kubernetes clusters across various environments. A common issue is policy chaos. One team adopted Kyverno as their policy engine
GeneralYour security team is debating whether to block AI-enabled browsers like Arc, Brave with Leo, or Edge with Copilot. Someone proposes an outright ban. The compliance team wants to add it to the accepta
StandardsThese questions arise from recent experiences with contractors navigating the implications of the Cybersecurity Maturity Model Certification (CMMC) for their supplier relationships. With the Departmen
Vendor NewsYour procurement team just forwarded another AI model announcement. The vendor promises breakthrough speed, unbeatable pricing, and enterprise-grade everything. Your security architect wants to pilot
StandardsThe Challenge Security scanning tools often generate excessive noise. Your team is likely familiar with this issue. A typical enterprise application security (AppSec) program runs static application s
StandardsYour AI coding assistant just suggested a library. Your developer accepted it. Your codebase now includes a new dependency with 47 transitive dependencies, three of which have known CVEs. This happene
StandardsThe Linux Foundation has quantified a crucial insight for engineering teams: your open source strategy can either multiply your investment or quietly drain your budget. Organizations that actively con
