DevSecOps
Checkmarx Adds Hybrid SAST Engine to Improve AppSec in AI Era
Checkmarx this week revealed it has re-engineered the core engines embedded within its static application security testing (SAST) tools for the agentic artificial intelligence (AI) era. At the core of that effort ...
Survey Surfaces Depth of DevSecOps Crisis in the Age of AI
A global survey of 2,350 developers, CISOs and application security managers published this week finds that while nearly all respondents (96%) work for organizations that have embedded or connected artificial intelligence (AI) ...
Shift Left to the Developer’s Machine: Building Local Git Security Gates
Arun Sanna | | CI/CD security, code security, Credential Leakage, Defense in Depth, developer experience, Developer Security, devsecops, Git Hooks, Git Security, GitLeaks, Open Source Security Tools, Pre-Commit Hooks, secret detection, secrets management, shift left security, Software Supply Chain, static analysis, supply chain security, vulnerability scanningShift left to the developer's machine. The principle is what matters: Stop secrets before they ship. The tooling is a means to that end. ...
Security Flaw in Claude Code Illustrates the Risk of AI in Developer Workflows
Jeff Burt | | agentic AI in development, Anthropic Claude Code, bash, CI/CD and AI agents, exposed secrets, GitHub Actions, microsoft, prompt injectionAI coding agents are reshaping software development—but they’re also expanding the attack surface. Researchers uncovered a now-patched vulnerability in Anthropic’s Claude Code GitHub Action that could have enabled prompt injection attacks to ...
IronWorm Malware Shares Shai-Hulud Traits, Takes Threat to ‘Next Level’
Jeff Burt | | ebpf, IronWorm, jfrog, malware, Miasma, OX Security, Rust programming language, Shai-Hulud worm, software developers, software supply chain attacks, TeamPCPOpen source software developers continue to come under attack, with the latest threat being a custom malware that shares many of the attributes of the notorious Shai-Hulud self-propagating worm but comes with ...
Shai-Hulud Clone ‘Miasma’ Compromises 32 Red Hat npm Packages
Jeff Burt | | Aikido Security, CI/CD (Continuous Integration/Continuous Deployment), Cloud Security, credential security, GitHub Actions, leaked secrets, npm malware, Orca Security, Shai-Hulud worm, TeamPCP, WizThe threat group behind the notorious Mini Shai-Hulud worm last month put the complete source code for the malware into a GitHub repository, essentially open sourcing the threat so that other bad ...
Claude Code Security Catches Vulnerabilities While You Write Code
Claude Code Security uses AI reasoning to catch complex vulnerabilities in code — including logic flaws that traditional static analysis tools consistently miss ...
IBM, Red Hat Launch Project Lightwell to Secure Open Source Software from Frontier Models
Jeff Burt | | AI (Artificial Intelligence), AI security risks, AI vulnerability detection, Anthropic Mythos Preview, frontier AI models, Google Cloud, microsoft, open source software security, OpenAI, Project Glasswing, Project Lightwell, red hatIBM and Red Hat are bringing together what they’ve learned from frontier AI models and 20,000 engineers to launch Project Lightwell, a $5 billion initiative aimed at helping enterprises better secure their ...
Attackers Can Exploit a Claude Code RCE Flaw to Take Command of System
Jeff Burt | | agentic AI, AI (Artificial Intelligence), AI security risks, Anthropic Claude Code, automated parsers, deeplinkA dangerous vulnerability found in Anthropic’s popular Claude Code developer model could have allowed bad actors to grab control of a victim’s system by luring them into clicking on a crafted malicious ...
Modernizing DevOps Security With Intelligent KYC Enforcement Layers
This is where smart KYC enforcement layers fit in — not a compliance box, but an engineering control that is directly part of DevOps processes. ...
CI/CD Supply Chain Security: Hardening Artifacts, Dependencies, and Delivery Pipelines
Modern CI/CD pipelines have become one of the most attractive attack surfaces in enterprise environments. As organizations push for faster releases, broader automation, and greater reuse of third-party components, the software supply chain ...
GitHub Breach Tied to Malicious VS Code Extension Exposes Thousands of Internal Repositories
GitHub says attackers accessed thousands of internal repositories after a company employee’s device was compromised through a malicious Visual Studio Code extension, though the company said it has removed the malicious extension, ...
