Top 10 Best Static Application Security Testing (SAST) Tools for Security Teams in 2026
The complexity of modern software development requires security to be deeply embedded within the engineering pipeline rather than treated as an afterthought....
Amazon
20 articles
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "...
Ubiquiti Patches Critical UniFi OS Privilege Escalation Flaws
Ubiquiti has released urgent security patches for five critical and high-severity vulnerabilities across its UniFi OS platform, addressing flaws that could a...
CISA adds Trend Micro Apex One and Langflow flaws to exploited vulnerabilities catalog
The vulnerabilities added are CVE-2025-34291, an origin validation error in Langflow with a CVSS score of 9.4, and CVE-2026-34926, a directory traversal flaw...
Meta settles school district lawsuit claiming addictive design harmed students' mental health
The bellwether lawsuit was the first of at least 1,200 to be brought by a school district against Meta, Snap, YouTube and TikTok for similar alleged harms. T...
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers in both houses of Congress are demanding answers from the U.S.
CISA Security Leak
Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that e...
Splunk Patches Multiple Vulnerabilities Enabling DoS Attacks and Data Exposure
Splunk has released security updates to fix three newly disclosed vulnerabilities that could allow low-privileged users to access sensitive data or disrupt S...
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
The U.S.
AWS KY3P report now available for third-party supplier due diligence
We’re excited to announce that Amazon Web Services (AWS) has completed the S&P Global Know Your Third Party (KY3P) assessment of its security posture. This a...
Why Policy in Amazon Bedrock AgentCore chose Cedar for securing agentic workflows
Agents have agency: they adapt and find multiple ways to solve problems. This autonomy creates a fundamental security challenge: the large language model (LL...
AWS Security Hub Extended: Why enterprise security products should sell themselves
Our largest security services customers started the same way every customer does – with a click. They enabled Amazon GuardDuty, Amazon Inspector, AWS WAF, an...
Verizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches
Verizon DBIR 2026 reveals software vulnerabilities overtook stolen passwords in cyberattacks, with AI helping hackers exploit flaws within hours.
Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector
Verizon DBIR finds 31% of data breaches began with software flaws last year
Pardus Linux Vulnerability Lets Local Attackers Gain Silent Root Access
A critical privilege escalation vulnerability chain, tracked as CVE-2026-5140, has been discovered in the Pardus Linux update mechanism, allowing local users...
CISA contractor's public GitHub repo exposed sensitive government credentials
The repository, named "Private-CISA" and maintained by contractor Nightwing, exposed AWS administrative credentials, access keys, tokens, plaintext usernames...
CIRT insights: How to help prevent unauthorized account removals from AWS Organizations
The AWS Customer Incident Response Team works with customers to help them recover from active security incidents. As part of this work, the team often uncove...
Contractor’s public GitHub account exposed GovCloud and CISA credentials
Until a few days ago, a publicly-accessible GitHub repository exposed credentials for both US government AWS accounts and internal Cybersecurity and Infrastr...
Governing infrastructure as code using pattern-based policy as code
Organizations often struggle to enforce security and compliance requirements consistently across their cloud infrastructure. In one environment, a workload m...
PostgreSQL Flaws Expose Databases to Remote Code Execution and SQL Injection
PostgreSQL has released critical security updates addressing multiple high-impact vulnerabilities that could allow remote code execution (RCE), SQL injection...