DevSecOps

Enterprise Smart Contracts Have a Cryptography Problem. EY Just Built a Way Around It
The business case for smart contracts is building fast. Major financial institutions are using programmable, code-based agreements to underpin financial workflows, supply chain operations, and tokenization initiatives. Developers are being asked to ...

IBM and Red Hat Launch Lightwell Catalog to Automate Remediation
IBM and Red Hat this week revealed that Lightwell Network, a catalog of more than 6,500 application-layer dependencies that drives an automated vulnerability remediation service, is now generally available. At the same ...

GhostApproval Flaw Featuring Decades-Old Feature Found in Six AI Coding Tools
A security flaw found in six popular AI coding agents can let attackers abuse a decades-old feature in Unix to trick an AI agent into giving them control of a developer’s system ...

North Korea Expands the Reach of PolinRider Supply Chain Attack Campaign
The North Korean-sponsored threat groups behind the long-running fake interview scams targeting developers are expanding the PolinRider supply chain campaign that has escalated over the past several months. Reports from cybersecurity vendors ...

When AI Agents Get Production Access: The Next Big DevOps Risk
It wasn’t that long ago that AI assistants just watched from the sidelines. They could answer your questions, explain how things worked, sum up logs, and write deployment scripts. Handy, sure, but ...

Mozilla Shows the Danger of Indirect Prompt Injections in AI Coding Agents
A clean GitHub repository that contains no malicious code can launch an attack and fully compromise a developer’s systems by using indirect prompt injections to trick AI-powered coding agents like Anthropic’s Claude ...

Attackers Exploit SimpleHelp Flaw to Steal Info from AI Coding Assistants, Clouds
Threat actors are exploiting a known security flaw in the SimpleHelp remote monitoring and management (RMM) software to drop two previously unknown pieces of malware that can compromise a broad range of ...

From Phishing to Vishing: Why DevSecOps Must Rethink Communication Security
Key Takeaways: Vishing is the new frontline threat: Attackers are shifting from emails to phone-based scams, using AI and social engineering to bypass traditional security controls. DevSecOps must expand its scope: Securing ...

Akrites: The Latest Attempt to Protect Open-Source From AI Attacks Has Arrived
Akrites, a new Linux Foundation initiative backed by many of the world’s largest tech and financial firms, is the industry’s latest attempt to get ahead of AI‑accelerated software supply chain risks by ...

Autonomous AWS Agent Automates Modernization of Codebases
Amazon Web Services (AWS) today made available a preview of an artificial intelligence (AI) agent that has been trained to continuously modernize codebases. Announced at the AWS New York Summit, the AI ...

AWS Continuum Service Employs AI to Secure Software Supply Chains
Amazon Web Services (AWS) today launched a service that expands the scope of the artificial intelligence (AI) tools it provides to secure code to include an agent that discovers, validates and prioritizes ...

Why Endpoint Protection Matters More than Ever in CI/CD Environments
CI/CD environments depend on far more than repositories and deployment infrastructure. Developer endpoints hold sensitive data: cloud credentials, SSH keys, deployment permissions, direct access to internal systems. Endpoint security and control are ...

