In brief: Open-source development projects often must rely on many external dependencies, saving developers the work of building new functionality from scratch. Google's new tool is the latest part of ...

A critical vulnerability was recently discovered in Imunify360 AV, a security scanner used by web hosting companies to protect over 56 million websites. An advisory by cybersecurity company Patchstack ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. In this podcast, Shane Hastie, Lead Editor ...

Many threat actors are turning to malware to scan software vulnerabilities that they can use in future cyber-attacks. Security researchers at Unit 42, the threat intelligence branch of cybersecurity ...

Companies have increased the cadence of application-security testing — with triple the number of applications scanned and 20 times more scans per application — compared to a decade ago, according to ...

A bug in the ubiquitous Log4j library can allow an attacker to execute arbitrary code on any system that uses Log4j to write logs. Does yours? Yesterday the Apache Foundation released an emergency ...

Open source Trivy plugs into the software build process and scans container images and infrastructure-as-code files for vulnerabilities and misconfigurations. Attacks on cloud-native infrastructures ...

It's a perfect storm: The cost of a data breach is rising, known cyberattacks are becoming more frequent, security expertise is in short supply, and the demand for connectedness — to deliver and act ...

Eight network scanning tools offer beefed-up management and remediation. A vulnerability rated as a low risk this morning could turn into your worst nightmare tonight. To meet the ever-increasing ...