Expert perspectives on application security, compliance, and emerging threats
IncidentWhat Happened Google patched a critical vulnerability in the Gemini CLI package and its GitHub Actions workflow, which received a CVSS score of 10.0—the highest severity rating. This flaw allowed atta
IncidentWhat Happened The elementary-data package on PyPI, downloaded over 1.1 million times monthly, was compromised to distribute version 0.23.3 containing malware designed to steal sensitive data and crypt
IncidentWhat Happened A high-severity vulnerability in Docker Engine (CVE-2026-34040, CVSS 8.8) allowed attackers to bypass authorization plugins and gain host access through a malformed HTTP request. This fl
IncidentWhat Happened TeamPCP compromised the CI/CD pipeline for Trivy, a widely-used vulnerability scanner, by stealing publishing credentials. They used these credentials to push malicious versions of both
Get weekly security insights and compliance updates delivered to your inbox.
IncidentWhat Happened Your team might face a critical vulnerability in production that your CI/CD security pipeline had previously scanned and cleared. Consider a SQL injection flaw in a user authentication e
IncidentThe Problem: Widespread Vulnerabilities According to Datadog s State of DevSecOps 2026 report, 87% of organizations are running at least one exploitable vulnerability in their production services. The
