Discovery used to be the bottleneck for open source bugs, but with automated discovery, remediation's the bottleneck, which ...
More tools haven’t delivered better security. In today’s high-velocity development environment, organizations must unify ...
Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.
There is a widely held belief that penetration testing Operational Technology networks is impossible.
The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...
ProjectDiscovery, winner of the 2025 RSAC Innovation Sandbox, today announced the commercial launch of Neo, an advanced security testing platform that autonomously performs end-to-end penetration ...
Authentication Failures (A07) show the largest gap in the dataset: a 48-percentage-point difference between leaders and the field. Leaders fix at nearly 60%, while the field sits at roughly 12%.
A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...
Semgrep, a leading code security company, today announced Semgrep Multimodal, a system that combines AI reasoning with rule-based analysis for detection, triage, and remediation. Its detection finds ...
The Cybersecurity and Infrastructure Security Agency (CISA) has recently made headlines by adding two significant vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.