Open-source security is a mess - IBM and Red Hat bet $5 billion and 20,000 engineers can fix it ...

IBM open-source security project Lightwell will use AI tools and over 20,000 engineers to help secure enterprise open-source software.

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...

BellSoft announces the publication of a new report, “Security in the Blind Spot: What Spring Developers Don't Know About Their Own Containers,” including the results of a survey of developers ...

A survey from BellSoft found that Spring developers don’t know their Dockerfiles affect their security posture.

Hackers are exploiting unsupported F5 BIG-IP appliances to gain SSH access to enterprise Linux systems, turning trusted edge infrastructure into entry points for deeper attacks on identity systems and ...

AI vulnerability scanner enterprise teams can now access Claude Security in public beta, powered by Claude Opus 4.7, with no ...

DockSec correlates findings from container security scanners and uses AI to generate remediation guidance and exact Dockerfile fixes.

Microsoft has joined the ranks of companies using artificial intelligence models to look for vulnerabilities in large codebases, and said its MDASH scanner found four critical remote code execution ...

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...

Written by Isaac Wuest, Principal Product Manager at HeroDevs. When security teams think about end-of-life (EOL) open source software, the conversation usually starts and ends in the same place: no ...

Picture this scenario: An Anthropic Skill scanner runs a full analysis of a Skill pulled from ClawHub or skills.sh. Its markdown instructions are clean, and no prompt injection is detected. No shell ...