Polyfill supply chain attack: What to do when your CDN goes evil

Thu, 27 Jun 2024

The xz-utils backdoor: The supply chain RCE that got caught

Fri, 05 Apr 2024

One year since Log4Shell, two since SolarWinds: What’s coming in 2023?

Wed, 23 Nov 2022

Never trust, always check: Catching partial fixes and buggy patches

Fri, 25 Mar 2022

Lessons from the Log4j crisis: Are we ready for the next global vulnerability?

Fri, 21 Jan 2022

Facing DevSecOps hurdles, federal agencies need a modern approach to security

Tue, 18 Jan 2022