Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897)
Several proof-of-concept (PoC) exploits for a recently patched critical vulnerability (CVE-2024-23897) in Jenkins have been made public and there’s evidence of …
ARMO adds MITRE ATT&CK framework to its open-source Kubernetes testing tool
ARMO released an expanded version Kubescape, an open-source testing tool for Kubernetes environments that is compliant with the standards set forth in the Kubernetes Hardening …
CloudBees enhances feature management capabilities within its software delivery platform
CloudBees announced new capabilities for feature management within its software delivery platform, including full visibility and control of feature flags throughout the …
Cequence Security API Sentinel 2.0 helps orgs strengthen their runtime API protections
Cequence Security announced the release of API Sentinel 2.0, adding powerful features that will help organizations strengthen their runtime API protections by “shielding …
BoxBoat reports momentum for BoxOps, its platform for DevSecOps managed services
BoxBoat announced that it is realizing significant managed services revenue growth driven by greater customer adoption of its BoxOps platform. This mirrors the growth that …
Updated cryptojacking worm steals AWS credentials
A malicious cryptocurrency miner and DDoS worm that has been targeting Docker systems for months now also steals Amazon Web Services (AWS) credentials. What’s more, …
2019 was a record year for OSS vulnerabilities
Total vulnerabilities in OSS more than doubled in 2019 from 421 Common Vulnerabilities and Exposures (CVEs) in 2018 to 968 last year, according to a RiskSense report. Top 10 …
12,000+ Jenkins servers can be exploited to launch, amplify DDoS attacks
A vulnerability (CVE-2020-2100) in 12,000+ internet-facing Jenkins servers can be abused to mount and amplify reflective DDoS attacks against internet hosts, Radware …