%term

Three New High-Severity Vulnerabilities in runc: What You Need to Know

Nov 6, 2025 By Ben Hirschberg In ARMO

Within 24 hours, three new high-severity vulnerabilities were disclosed in runc, the low-level runtime that underpins most container platforms, including Docker, containerd, Kubernetes, and nearly every major cloud provider’s managed Kubernetes service. These vulnerabilities (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) allow a malicious container image to break out of the container boundary and affect the host machine directly.

Read Post

ARMO

Read more about Three New High-Severity Vulnerabilities in runc: What You Need to Know

Building a more secure npm ecosystem with Mend Renovate

Nov 6, 2025 By Jamie Tanna In Mend

Over this last year, we’ve seen significant attacks like the Shai-Hulud worm, the Nx build system compromise, and secrets being leaked to public GitHub Actions logs via the tj-actions/changed-files compromise, but I could spend the entirety of this article only listing different attacks, let alone talking about them.

Read Post

Mend

Read more about Building a more secure npm ecosystem with Mend Renovate

Direct vs. Indirect AI Risks: What Security Teams Need to Know #AIsecurity #AppSec #AInative

Nov 6, 2025 By Mend In Mend

AI coding assistants don’t just speed up development — they introduce two kinds of risks you can’t afford to ignore. Direct risks: vulnerabilities added straight into generated code. Indirect risks: exposure through how AI tools shape workflows, dependencies, and external connections. Both can create blind spots — and both demand visibility. Watch to learn how recognizing these layers helps secure your AI-driven workflows.

View Video

Mend

Read more about Direct vs. Indirect AI Risks: What Security Teams Need to Know #AIsecurity #AppSec #AInative

Best Application Security Testing Services to Know

Nov 5, 2025 By Tiffany Jennings In Mend

Application Security Testing (AST) services use automated tools and manual techniques to find and fix security vulnerabilities in software, integrating security into the entire development lifecycle (SDLC) to prevent threats and protect applications from attacks. Key services include Static Application Security Testing (SAST) for code-level analysis, Dynamic Application Security Testing (DAST) for runtime testing, and Interactive Application Security Testing (IAST) which combines both.

Read Post

Mend

Read more about Best Application Security Testing Services to Know

DevSecOps Best Practices: How to Integrate Security into Your DevOps Pipeline

Nov 4, 2025 By Natalie Tischler In Veracode

DevOps and security teams often operate with conflicting goals: one pushes for speed, the other for safety. This friction creates bottlenecks, slows innovation, and builds security debt. But what if you could align these functions with a clear, actionable framework? Instead of just talking about “shifting left,” you could implement a structured process that embeds security into every stage of development: DevSecOps best practices.

Read Post

Veracode

Read more about DevSecOps Best Practices: How to Integrate Security into Your DevOps Pipeline

ARMO Monthly Product Roundup - November 2025

Nov 3, 2025 By Yossi Ben Naim In ARMO

Hi there, We’ve just dropped a fresh batch of updates to help you cut through the noise, stay in control, and secure your cloud-native environments with more precision. Here’s what’s new in the ARMO Platform this month.

Read Post

ARMO

Read more about ARMO Monthly Product Roundup - November 2025

How I Use Codex Efficiently (OpenAI)

Nov 3, 2025 By Snyk In Snyk

Want to code faster and smarter using AI? In this video, we dive into how to use OpenAI Codex efficiently. Whether you’re a beginner or a seasoned developer, you’ll learn practical strategies to get the most out of Codex and level up your workflow.

View Video

Snyk

Read more about How I Use Codex Efficiently (OpenAI)

How I Use Codex Efficiently (OpenAI) PART 2

Nov 3, 2025 By Snyk In Snyk

Ready to take your Codex skills to the next level? In Part 2 of our OpenAI Codex series, we dive deep into advanced techniques and real-world workflows that help you maximize efficiency and creativity when coding with AI.

View Video

Snyk

Read more about How I Use Codex Efficiently (OpenAI) PART 2

Teleport named to 2026 Fortune Cyber 60 List

Oct 30, 2025 By Teleport In Teleport

Teleport recognised for rapid innovation and growth.

Read Post

Teleport

Read more about Teleport named to 2026 Fortune Cyber 60 List

Securing your CI/CD Pipelines with GitHub Actions: DevSecOps in Action

Oct 30, 2025 By SignMyCode In SignMyCode

When people talk about securing software, they typically refer to two distinct aspects. The code itself, or the servers it runs on. That makes sense. Those are the most visible parts. But what actually holds everything together isn’t either of those. It’s the pipeline in between the system that moves code from an idea in a developer’s head to something running in production. CI/CD pipeline can be easy to overlook because it often feels invisible.

Read Post

SignMyCode

Read more about Securing your CI/CD Pipelines with GitHub Actions: DevSecOps in Action

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Three New High-Severity Vulnerabilities in runc: What You Need to Know

Building a more secure npm ecosystem with Mend Renovate

Direct vs. Indirect AI Risks: What Security Teams Need to Know #AIsecurity #AppSec #AInative

Best Application Security Testing Services to Know

DevSecOps Best Practices: How to Integrate Security into Your DevOps Pipeline

ARMO Monthly Product Roundup - November 2025

How I Use Codex Efficiently (OpenAI)

How I Use Codex Efficiently (OpenAI) PART 2

Teleport named to 2026 Fortune Cyber 60 List

Securing your CI/CD Pipelines with GitHub Actions: DevSecOps in Action

Monthly Archive

Follow Us