The digital supply chain refers to the chain of third-party digital tools, services and infrastructure that is depended on for a particular first-party service (such as your website or SaaS platform). In an ever-changing digital landscape, supply chains can be brittle with many unseen risks. The nature of supply chain risk is transitive; any part of the often long and complicated digital supply chain can be compromised, causing all components downstream of it to also be compromised.

Security teams require complete visibility into their hosts, containers, and functions in order to detect, prioritize, and remediate their most pressing security risks. The Datadog Agent helps you achieve this visibility by collecting deep insights in your environment through logs, distributed traces, infrastructure metrics, and other key telemetry.

While shifting security left has been a hot topic for around a decade, many organizations still face issues trying to make it a reality. There are many misconceptions about what shift left means and what it looks like for development teams to take ownership of security without derailing their existing workflows.

We are pleased to introduce Semantic Versioning and release channels to Snyk CLI from v.1.1291.0 onwards. In this blog post, we will share why we are introducing these changes, what problems these changes solve for our customers, and how our customers can opt-in according to their needs.

After a new zero-day vulnerability is announced, the National Vulnerability Database (NVD) publishes a measure of its severity under the Common Vulnerability Scoring System (CVSS). CVSS scores are a crucial tool for organizations as they give an approximation of the severity of disclosed vulnerabilities.

In 2023, a quarter (25.6%) of incidents originated with a known vulnerability, according to the Arctic Wolf Labs 2024 Threat Report. And while zero-day vulnerabilities only accounted for a tiny percentage of incidents in 2023, two of them — the MOVEit Transfer Vulnerability and the GoAnywhereMFT Vulnerability — wreaked havoc around the globe.

On April 24, 2024, Cisco Talos and several government security agencies published details on a sophisticated threat campaign focused on espionage and gaining unauthorized access to sensitive information from targeted government entities and organizations in critical infrastructure. As part of that publication, Cisco disclosed CVE-2024-20353 and CVE-2024-20359, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices, which were actively exploited in the documented campaign.

Containers are integral to modern application development portability, resource efficiency, and ease of deployment. But there is a flip side to these benefits. Unlike traditional applications, containers bundle everything needed to run, making them a scattered setup for hidden security issues. 54% of container images in Docker Hub were found to contain sensitive information that could lead to unauthorized access, data breaches, or identity theft.