Another day, another PyPI malware package. But this one has a new way to (try to) sneak into your computer.

The OpenSSF Siren is a fresh, new take on ye old security mailing list.

All vendor kernels are plagued with security vulnerabilities, according to a CIQ whitepaper. Will the Linux community ever accept upstream stable kernels?

VFCFinder analyzes commit histories to pinpoint the most likely commits associated with vulnerability fixes.

When you need to run Linux in an especially secure environment, SELinux is the answer. But getting SELinux up-and-running takes a lot of know how.

The new version of Rocky Linux includes security improvements, better cloud images, and the latest developer tools.

It sounds simple: If you pay developers more money they'll improve the quality and security of their code. The evidence isn't so clear.

A new Chrome JavaScript security hole is nasty, so don't waste any time patching your systems.

With built-in end-to-end encryption, OpenTofu is a natural DevSecOps fit.

The popular enterprise Linux CentOS 7 will soon cease to be supported, but its hundreds of thousands of users still need support.

Since February, there've been 800 newly assigned CVEs. Your job? Update your main Linux distro more often.

Want to keep running Ubuntu Linux for over a decade? Canonical can help. 

In their haste to deploy LLM tools, organizations may overlook crucial security practices. The rise in threats like Remote Code Execution indicates an urgent need to improve security measures in AI development.

What are the trust best practices? We honestly don't know yet. But, if we're to trust our open source projects, we must figure it out.

The latest version of the newly renamed System Package Data Exchange (SPDX) was announced Tuesday at Open Source Summit North America.

The new Outlook now appears to be a data collection service for Microsoft’s 801 external partners for targeted advertising.

Almost 600,000 Roku customers had their accounts hacked through two credential-stuffing attacks several weeks apart.

This new open-source project built on the Xen hypervisor will bring a new level of security to containers.

For the first time, an open-source maintainer put malware into a key Linux utility. We're still not sure who or why - but here's what you can do about it.

Most users won't be affected by this malware, but if it had gone undetected for a few more months, everyone using Linux would have faced their biggest security disaster ever.