Check the real-time health of major SaaS providers and AWS services with Updog.ai, a new public resource powered by Datadog observability data and AI.

The browser with ChatGPT built in.

Socket researchers uncover how threat actors weaponize Discord across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.

AWS launched compute-optimized C8i and C8i-flex EC2 instances powered by custom Intel Xeon 6 processors available only on AWS to offer up to 15% better price performance, 20% higher performance, and 2.5 times more memory throughput compared to previous generations.

Contribute to AikidoSec/safe-chain development by creating an account on GitHub.

The attackers behind the nx attack have struck again, targeting a large amount of packages, with a first-of-its-kind worm payload.

Threat actors are leveraging a Unicode character to make phishing links appear like legitimate Booking.com links in a new campaign distributing malware. The attack makes use of the Japanese hiragana character, ん, which can, on some systems, appear as a forward slash and make a phishing URL appear realistic to a person at first.

A simple typo of ghcr.io to ghrc.io would normally be a small goof. You’d typically get a 404 or similar error, finally work out the issue, fix it, and move along. But in this case, that typo appears to be doing something very malicious, stealing GitHub credentials. What’s ghcr.io? First, a quick bit of background. ghcr.io is an OCI conformant registry for container images and OCI artifacts used by a lot of projects. It’s part of GitHub and is a very popular image and artifact repository used by open source projects.

情報処理推進機構（IPA）の「脆弱性診断内製化ガイド」に関する情報です。

KiroのAI開発環境を安全に使うためのデータプライバシーとセキュリティ対策を解説。AWS責任共有モデルや暗号化、サービス改善のためのデータ利用について詳述。

A new agentic IDE that works alongside you from prototype to production

HashiCorp and AWS continue to support the widespread demand for standardized infrastructure lifecycle management with the Terraform AWS provider 6.0.

Change all your account passwords now — don’t wait: 16 billion credentials are confirmed as having been leaked.

The Wiz Threat Research team has identified a widespread cryptojacking campaign targeting commonly used DevOps applications including Nomad and Consul.

GreyNoise uncovers a stealth campaign exploiting ASUS routers, enabling persistent backdoor access via CVE-2023-39780 and unpatched techniques. Learn how attackers evade detection, how GreyNoise discovered it with AI-powered tooling, and what defenders need to know.

CVE-2025-47577 flaw in TI WooCommerce Wishlist lets unauthenticated attackers upload malicious files—no patch yet, 100K+ sites at risk.

We showcase a critical vulnerability with the official GitHub MCP server, allowing attackers to access private repository data. The vulnerability is among the first discovered by Invariant's security analyzer for detecting toxic agent flows.

FortiGuard Labs highlights a malware campaign's increasing sophistication of attack methodologies, leveraging the legitimate functionalities of remote administration tools for malicious purposes. L…

Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network.

Introducing Codex: a cloud-based software engineering agent that can work on many tasks in parallel, powered by codex-1. With Codex, developers can simultaneously deploy multiple agents to independently handle coding tasks such as writing features, answering questions about your codebase, fixing bugs, and proposing pull requests for review.

The Terraform MCP Server provides seamless integration with Terraform ecosystem, enabling advanced automation and interaction capabilities for Infrastructure as Code (IaC) development. - hashicorp/...

Find out how a simple npm package turned into a steganography attack using Google Calendar for malicious purposes. Stay alert!