Chainguard's Wolfi: Revolutionizing Containerized Workloads with Rapid Updates and Robust Security
A Small Octopus and a Big Idea: How Wolfi Linux is Improving the Cloud’s Software Supply Chain Security.

Update NOW: OpenSSL 1.1.1's Shelf-Life Has Ended
The OpenSSL Project has announced that the long-term support version of OpenSSL 1.1.1 has come to the end of its lifecycle except for paying customers.

Now it's PostgreSQL's turn to have a bogus CVE
PostgreSQL and cURL aren't the only ones. Someone is faking security alerts for numerous open-source projects.

Australian Government, Of All Places, Says Age Verification Is A Privacy & Security Nightmare
In the past I’ve sometimes described Australia as the land where internet policy is completely upside down. Rather than having a system that protects intermediaries from liability for third party c…

Clouds vs cryptominers
It doesn't get the headlines of complete cloud failures, but criminal cryptominers such as TeamTNT quietly steal away your cloud resources every day.

Microsoft PowerShell Gallery Littered with Critical Vulnerabilities
It turns out Microsoft's PowerShell Gallery has the same kind of security problems that plague npm and PyPI.

CVE-2020-19909: A Controversial Vulnerability for cURL
Is the current CVE system too easily manipulated? Will it lead to inflated severity scores that do not reflect actual threats? A recent cURL vulnerability puts this question to the test.

U.S. Government Tackles Open Source, Memory-Safe Programming Security
The US government is paying more attention to open source software and memory-safe programming languages, and is requesting input from the private sector.

A New Take on Software Code Security: The Open Source Consumption Manifesto
Open source is a blessing. It's also a curse when we don't take its security seriously. Now, the OpenSSF wants us all to take a long, hard look at how we consume and secure open-source software.

Post-Quantum Resilience for Security Keys
We introduce a hybrid digital signature scheme based on two building blocks: a classically-secure scheme, ECDSA, and a post-quantum secure one, Dilithium. Our hybrid scheme maintains the guarantees of each underlying building block even if the other one is broken, thus being resistant to classical and quantum attacks.

The cloud is critical infrastructure – here's what that really means
Policy has not kept pace with how essential cloud computing has become to critical systems. Cloud attacks, such as SolarWinds, aren't the only threat as evidenced | The cloud isn't just important for business, it's become vital, which means danger to the cloud is a danger to all of us.

AMD and Intel CPU security bugs bring Linux patches
Two new chip vulnerabilities, AMD Inception and Intel Downfall, forced Torvalds to push out Linux security fixes.

Npm Security Woes Continue Amidst a Series of CDN Attacks
Can a week go by without an npm problem? This week it's "manifest confusion" at the Content Delivery Network.

Researchers find deliberate backdoor in police radio encryption algorithm
Vendors knew all about it, but most customers were clueless.

Microsoft and Google may have to surrender people's data to Saudi Arabia after signing huge deals there
Saudi Arabia is seeking to be an innovation hub, but activists are warning that tech firms could be complicit in the repression of dissidents.

Kevin Mitnick: A Hacker Hero Has Died
Kevin Mitnick, who died at 59 on Sunday from pancreatic cancer, began his career as a criminal hacker and ended as the best-known white-hat hacker.

GitHub Leverages Passkeys to Enhance User Security
Passkeys, password replacements, have finally come to GitHub in beta.

France grants police power to spy on citizens through phones
VPN services and other security tools won't be able to protect people from this kind of state-surveillance. What's next for France's justice reform bill?

Microsoft on major Outlook and OneDrive outages: We were hacked
In early June, sporadic but serious service disruptions plagued Microsoft’s flagship office suite — including the Outlook email and OneDrive file-sharing apps — and cloud computing platform. A shadowy hacktivist group claimed responsibility, saying it flooded the sites with junk traffic in distributed denial-of-service attacks.

How an Amazon Fire Kids tablet was allegedly used to stalk a security pro
Be very wary of any connected device, even one designed for kids