Expert perspectives on application security, compliance, and emerging threats
IncidentWhat Happened Security researchers at Novee Security discovered a critical remote code execution vulnerability in Google s Gemini CLI tool, rated with a CVSS score of 10.0. This flaw affected versions
IncidentWhat Happened Google patched a critical vulnerability in the Gemini CLI package and its GitHub Actions workflow, which received a CVSS score of 10.0—the highest severity rating. This flaw allowed atta
IncidentWhat Happened The elementary-data package on PyPI, downloaded over 1.1 million times monthly, was compromised to distribute version 0.23.3 containing malware designed to steal sensitive data and crypt
IncidentWhat Happened A high-severity vulnerability in Docker Engine (CVE-2026-34040, CVSS 8.8) allowed attackers to bypass authorization plugins and gain host access through a malformed HTTP request. This fl
Get weekly security insights and compliance updates delivered to your inbox.
IncidentWhat Happened TeamPCP compromised the CI/CD pipeline for Trivy, a widely-used vulnerability scanner, by stealing publishing credentials. They used these credentials to push malicious versions of both
IncidentWhat Happened Your team might face a critical vulnerability in production that your CI/CD security pipeline had previously scanned and cleared. Consider a SQL injection flaw in a user authentication e
IncidentThe Problem: Widespread Vulnerabilities According to Datadog s State of DevSecOps 2026 report, 87% of organizations are running at least one exploitable vulnerability in their production services. The
