87% of Container Images in Production Have Critical or High-Severity Vulnerabilities

At the inaugural CloudNativeSecurityCon, DevSecOps practitioners discussed how to shore up the software supply chain.

Check Point Boosts AppSec Focus With CNAPP Enhancements

Established network security players are responding to the shift to cloud-native applications, which have exposed more vulnerabilities in open source software supply chains.

Snyk Gets Nod of Approval With ServiceNow Strategic Investment

One of the most closely watched security startups continues to build bank because its platform appeals to both developers and security pros.

Meta Takes Offensive Posture With Privacy Red Team

Engineering manager Scott Tenaglia describes how Meta extended the security red team model to aggressively protect data privacy.

State-Sponsored APTs Dangle Job Opps to Lure In Spy Victims

APTs continue to exploit the dynamic job market and the persistent phenomenon of remote working, as explored by PwC at Black Hat USA.

Mac Attack: North Korea's Lazarus APT Targets Apple's M1 Chip

Lazarus continues to expand an aggressive, ongoing spy campaign, using fake Coinbase job openings to lure in victims.

After Colonial Pipeline, Critical Infrastructure Operators Remain Blind to Cyber-Risks

In her keynote address at Black Hat USA 2022, Kim Zetter gives a scathing rebuke of Colonial Pipeline for not foreseeing the attack.

New Cross-Industry Group Launches Open Cybersecurity Framework

Eighteen companies, led by Amazon and Splunk, announced the OCSF framework to provide a standard way for sharing threat detection telemetry among different monitoring tools and applications.