OS-enforced capability sandbox for running untrusted AI agents. No escape hatch. Works with Claude, GPT, and any AI agent.

Lightweight, container-free sandbox for running commands with network and filesystem restrictions - Use-Tusk/fence

This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL - dev-sec/ansible-collection-hardening

: Fluent Bit has 15B+ deployments … and 5 newly assigned CVEs

HelixGuard provides open-source research on supply chain malware and vulnerability intelligence. Advanced threat detection tools and datasets for the security community.

Worldwide enumeration of accounts was possible due to a —now closed— privacy vulnerability

Microsoft said today that the Aisuru botnet hit its Azure network with a 15.72 terabits per second (Tbps) DDoS attack, launched from over 500,000 IP addresses.

The Ubuntu 25.10 transition to using some Rust system utilities continues proving quite rocky

A lively discussion about open source, security, and who pays the bills has erupted on Twitter.

Google announced its intent to acquire cloud security company Wiz in March and the deal is now on track to close in early 2026.

Log4Shell proved that open source security isn't guaranteed and isn’t just a code problem.

The Louvre heist was an instant joke online — a joke that gets even funnier when you learn the museum's video surveillance password.

Scan MCP Servers for vulnerabilities. Contribute to cisco-ai-defense/mcp-scanner development by creating an account on GitHub.

Learn how to use AI code assistants securely with OpenSSF’s new free course, Secure AI/ML-Driven Software Development (LFEL1012) by David A. Wheeler. Build safer software with practical AI security guidance.

A new command injection vulnerability in OpenSSH, tracked as CVE-2025-61984, has been disclosed, which could allow an attacker to achieve remote code execution on a victim's machine.

CodeMender is a new AI-powered agent that improves code security automatically. It instantly patches new software vulnerabilities, and rewrites and secures existing code, eliminating entire...

Enterprise software giant Red Hat is now being extorted by the ShinyHunters gang, with samples of stolen customer engagement reports (CERs) leaked on their data leak site.

Cybercriminals connected to a recent string of ransomware attacks on major British retailers said on Friday they had stolen almost 1 billion records from cloud technology giant Salesforce, opens new tab by focusing on companies that use its software

One of Discord’s third-party customer service providers was compromised by an “unauthorized party” that may have accessed things like names, usernames, and emails.