GitHub Actions 2026 Roadmap: Lockfiles Lock Down Supply Chain Risks
Supply chain attacks hit CI/CD hard last year—tj-actions, Nx, trivy-action compromised. GitHub's firing back with lockfiles and centralized policies in its 2026 Actions roadmap.
Another day, another supply chain scare rippling through open source. GitHub's touting fixes for Actions workflows and npm malware, but who's really winning here?
GitHub reviewed just 4,101 open source advisories in 2025—the fewest since 2021. But don't pop the champagne; new vulnerabilities jumped 19%, signaling no safety net yet.
Npm's supply chain just took another hit—36 malicious packages posing as Strapi plugins, laser-focused on draining Guardarian wallets. Developers, wake up: this isn't random.
Mark Russinovich feeds vintage Apple II binary to an AI. It labels the code, explains the logic, spots a sneaky bug. Open source suddenly looks like the only sane bet.
You're knee-deep in a repo, commit a stray API key, and bam—GitHub's secret scanning lights up like a Christmas tree. But is this savior suite really as straightforward as it seems?
Nine kernel bugs in AppArmor—hidden since 2017—let unprivileged users become root, bust out of containers, and crash entire systems. Over 12 million enterprise Linux instances are exposed. Here's what you need to know (and patch) today.
npm audit passed the event-stream package 847 times before it stole cryptocurrency wallets. A new Rust-based scanner is changing how developers think about dependency safety.
Bots are scanning your server's default SSH port this very second. Here's how to lock down Linux infrastructure before they get in.
Forget spy-free promises from Big Tech. Maple Linux 1.4, straight from Ontario, boots clean and respects your data like a true northerner.
A developer built a free VS Code extension after nearly pushing a live Stripe key to GitHub. EnvGuard now catches 30+ types of secrets before they escape into the wild.
GitHub's March 2026 update isn't just another incremental feature drop. It's a signal that secret detection is finally catching up to how developers actually build—with AI.