
Compliance as cybersecurity: A reality check on checkbox risk management
Here's what's driving the compliance-as-security trend — and why it's essential to go beyond checkbox cybersecurity amid a rapidly changing threat landscape.

Here’s what the 2024 8-K security-incident filings are all about, lessons to be learned — and the bigger picture for cybersecurity.

To avoid compromised packages being introduced as a dependency in a larger project, security teams need to keep an eye peeled for such malicious code.

Ransomware kept its stride in 2024. In 2025, threat actors are moving toward targeting key parts of the software supply chain. Here are key lessons.

Hacks of rspack, vant highlight the growing trend of cryptomining compromises spreading via top open-source packages.

The new NCSC lead warned that cybersecurity risk is 'widely underestimated.' But experts say AI could close the gap — if the industry comes together.

Four firms have been fined for playing down how the SolarWinds attack impacted them. It’s part of a government push for greater supply chain transparency.

Google researchers using OSS-Fuzz have identified 26 vulnerabilities, but experts warn that AI fuzzing is not a panacea for AI/ML security.

A compromised build environment led to a malicious deployment of a popular AI library that had the potential of delivering other malware.

Whether it is managing a data lake, orchestrating CI/CD pipelines, or safeguarding data, your security needs are evolving — and so must your strategy.

Two recent versions of the Solana web3.js open source library were infected with code to steal private keys, putting crypto platforms and wallets at risk.

The RL community's search interface allows software development teams to quickly assess risk before choosing or updating open source NuGet packages.

Organizations are struggling with outdated tools. Here's what you need to know about modernizing your AppSec tooling for today's supply chain threats.

The state of application security was on the agenda at the Elephant in AppSec Conference. One clear takeaway: Modern threats demand an all-in approach.

Here's what your organization needs to know about the Product Liability Directive — and how to avoid any slip-ups.