Nuclei is a fast and customizable open-source vulnerability scanner powered by YAML-based templates. With its flexible templating system, Nuclei can be

Imagine this: an OpenSSH backdoor is discovered, maintainers rush to push out a fixed release package, security researchers trade technical details on mailing lists to analyze the backdoor code. Speculation abounds on the attribution and motives of the attacker, and the tech media pounces on the story. A near miss

A vulnerability in the popular open-source firewall software pfSense has been identified, allowing for remote code execution (RCE) attacks.

OXO is a vulnerability scanning orchestrator that automatically binds tools together allowing for rapid scale.

Spotify recently introduced its security vulnerability management platform, Kitsune. Right from vulnerability detection to providing insights based on metrics, Kitsune manages the overall security vul

We started developing our vulnerability management platform (VMP) at Spotify in Q2, 2020, and now that we’ve implemented it and use the system in our day-to-day work, we wanted to take a moment to share our journey to help reduce security risks in an efficient and scalable manner.

In this post, I’ll show you how to build a continuous integration and continuous delivery (CI/CD) pipeline using AWS Developer Tools, as well as Aqua Security‘s open source container vulnerability scanner, Trivy. You’ll build two Docker images, one with vulnerabilities and one without, to learn the capabilities of Trivy and how to send all vulnerability […]