Why risk alone doesn’t get you to yes
I have been in security rooms for years, from military operations centers to corporate boardrooms. In all those years I can tell you that the hardest mission that most …
ShipSec Studio brings open-source workflow orchestration to security operations
Security teams have long relied on a mix of shell scripts, cron jobs, and loosely connected tools to chain reconnaissance and vulnerability scanning work together. ShipSec …
Breaking out: Can AI agents escape their sandboxes?
Container sandboxes are part of routine AI agent testing and deployment. Agents use them to run code, edit files, and interact with system resources without direct access to …
Don’t count on government guidance after a smart home breach
People are filling their homes with internet-connected cameras, speakers, locks, and routers. When one of those devices is compromised, the next steps are often unclear. …
Week in review: NIST updates DNS security guidance, compromised LiteLLM PyPI packages
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: NIST updates its DNS security guidance for the first time in over a decade …
Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521)
A critical unauthenticated remote code execution vulnerability (CVE-2025-53521) in F5’s BIG-IP Access Policy Manager (APM) solution is under active exploitation, the US …
TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware
TeamPCP continues is supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software …
CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation
The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-33017, a recently …
Ajax data breach exposed season tickets, supporter bans open to tampering
AFC Ajax, the Dutch football club from Amsterdam, disclosed that an unknown hacker gained access to parts of its IT systems and obtained the email addresses of a few hundred …
AI frenzy feeds credential chaos, secrets leak through code, tools, and infrastructure
Code keeps moving through pipelines, and credentials continue to surface alongside it. GitGuardian’s State of Secrets Sprawl 2026 puts the count at 28.65 million new hardcoded …
Make OpenAI’s models misbehave and earn a reward
OpenAI’s public Safety Bug Bounty program focuses on AI abuse and safety risks across its products. The goal is to support safe and secure systems and reduce the risk of …
Top product launches at RSAC 2026
RSAC 2026 showcased a wave of innovation, with vendors unveiling technologies poised to redefine cybersecurity. From AI-powered defense to breakthroughs in identity …
Featured news
Resources
Don't miss
- Why risk alone doesn’t get you to yes
- ShipSec Studio brings open-source workflow orchestration to security operations
- Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521)
- TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware
- CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation