DevSecOps
Shai-Hulud Clone ‘Miasma’ Compromises 32 Red Hat npm Packages
Jeff Burt | | Aikido Security, CI/CD (Continuous Integration/Continuous Deployment), Cloud Security, credential security, GitHub Actions, leaked secrets, npm malware, Orca Security, Shai-Hulud worm, TeamPCP, WizThe threat group behind the notorious Mini Shai-Hulud worm last month put the complete source code for the malware into a GitHub repository, essentially open sourcing the threat so that other bad ...
Claude Code Security Catches Vulnerabilities While You Write Code
Claude Code Security uses AI reasoning to catch complex vulnerabilities in code — including logic flaws that traditional static analysis tools consistently miss ...
IBM, Red Hat Launch Project Lightwell to Secure Open Source Software from Frontier Models
Jeff Burt | | AI (Artificial Intelligence), AI security risks, AI vulnerability detection, Anthropic Mythos Preview, frontier AI models, Google Cloud, microsoft, open source software security, OpenAI, Project Glasswing, Project Lightwell, red hatIBM and Red Hat are bringing together what they’ve learned from frontier AI models and 20,000 engineers to launch Project Lightwell, a $5 billion initiative aimed at helping enterprises better secure their ...
Attackers Can Exploit a Claude Code RCE Flaw to Take Command of System
Jeff Burt | | agentic AI, AI (Artificial Intelligence), AI security risks, Anthropic Claude Code, automated parsers, deeplinkA dangerous vulnerability found in Anthropic’s popular Claude Code developer model could have allowed bad actors to grab control of a victim’s system by luring them into clicking on a crafted malicious ...
Modernizing DevOps Security With Intelligent KYC Enforcement Layers
This is where smart KYC enforcement layers fit in — not a compliance box, but an engineering control that is directly part of DevOps processes. ...
CI/CD Supply Chain Security: Hardening Artifacts, Dependencies, and Delivery Pipelines
Modern CI/CD pipelines have become one of the most attractive attack surfaces in enterprise environments. As organizations push for faster releases, broader automation, and greater reuse of third-party components, the software supply chain ...
GitHub Breach Tied to Malicious VS Code Extension Exposes Thousands of Internal Repositories
GitHub says attackers accessed thousands of internal repositories after a company employee’s device was compromised through a malicious Visual Studio Code extension, though the company said it has removed the malicious extension, ...
Widespread Mini Shai-Hulud Campaign Is a Matter of Trust
Jeff Burt | | 360 Privacy, AI supply chain attacks, Aikido Security, CI/CD security, credentials, Endor Labs, npm malware, Pathlock, Sectigo, Shai-Hulud worm, TeamPCP, trust in technologyThe latest series of attacks using the notorious Shai-Hulud worm puts into sharp focus the threats facing software developers and their CI/CD pipelines, an issue that has been raised in recent months ...
AI-Generated Apps Without DevOps: A Security Disaster Waiting to Happen
Sannan Ali | | AI coding assistants, application security, CI/CD security, devops, Software Supply ChainA small internal tool was built over a weekend. An engineer used an AI coding assistant to generate most of the backend. A simple interface was added, a few API calls were ...
Cyber Threats to DevOps Platforms Rising Fast, GitProtect Report Finds
Jeff Burt | | Azure DevOps, CI/CD, code repositories, Cybersecurity, DevOps platform downtime, devops security, extortion, GitHub security, GitProtect.io DevOps Threats report, GPUGate, JIRA, Kaspersky Lab, NPM security, Ransomware, Shai-HuludThe number of incidents targeting DevOps platforms grew 21% in 2025, but the amount of downtime jumped almost 95%, the security firm said ...
Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable
Jeff Burt | | Aqua Security Trivy, CI/CD cyberthreats, exposed secrets, GitHub Actions, IANS Research, malicious code, microsoft, OWASP Top 10, remote code execution, software development security, software supply chain attacks, software vulnerabilities, TenableA critical vulnerability in a popular Microsoft GitHub repository could allow a threat actor to easily exploit its CI/CD infrastructure to run arbitrary code in the repository and gain access to secrets, ...
Appknox Adds AI Tool to Detect and Fix Vulnerabilities in Mobile Applications
Appknox today added an ability to apply artificial intelligence (AI) to assess vulnerabilities in the binaries used to construct a mobile application and recommend a fix that can be passed on to ...
