SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...
dbta

Aqua Security Unveils Trivy Partner Connect to Boost Open Source Security Scanning

Aqua Security, a pioneer in cloud native security and the primary maintainer of Aqua Trivy, is launching the Trivy Partner Connect Program, expanding the commercial ecosystem around Trivy, an open ...

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...
Scientific American

Open-source software has an invisible vulnerability. Hackers have found it

The danger in the code came from characters that are invisible to the human eye. In early March researchers at several security firms examined what looked like empty space and found hidden Unicode ...
来自MSN

Ten years of OSSRA: what a decade of data tells us about the state of open source security

When the first Open Source Security and Risk Analysis (OSSRA) report was published in 2015, the software landscape looked very different. Security teams were just beginning to grasp the implications ...
InfoWorld

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

The European Union’s Computer Emergency Response Team, CERT-EU, has traced last week’s theft of data from the Europa.eu platform to the recent supply chain attack on Aqua Security’s Trivy open-source ...