StepSecurity
Red Hat npm packages compromised in new Mini Shai-Hulud malware wave
Unknown attackers have compromised 30+ Red Hat Cloud Services npm packages with malware that goes after credentials stored in developers’ build environment. What the …
Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack
A potentially monumental supply chain attack is underway, thanks to a self-replicating worm-like payload that has been compromising packages published on the npm Registry. The …
Breaking down the numbers: Q2 2024 cybersecurity funding activity recap
We present a list of selected cybersecurity companies that received funding during the second quarter of 2024 (Q2 2024). Alethea April | $20 million Alethea closed a $20 …
StepSecurity raises $3 million to secure CI/CD pipelines for open-source and enterprise
StepSecurity announced the closing of its $3 million seed funding round led by Runtime Ventures, with participation from Inner Loop Capital, SaaS Ventures, DeVC, and several …
Securing GitHub Actions for a safer DevOps pipeline
GitHub Actions provides a platform for continuous integration and continuous delivery (CI/CD), enabling your build, test, and deployment process automation. It allows you to …
Featured news
Resources
Don't miss
- Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)
- CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)
- DockSec: Open-source AI-powered Docker security scanner
- Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245)
- June 2026 Patch Tuesday forecast: Where are the CVEs?