JFrog discloses CVSS 9.8 React vulnerability putting millions of developers at risk

Security researchers at software supply chain company JFrog Ltd. today revealed details of a critical vulnerability in React, ...
SecurityWeek

Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks

Software supply chain security firm JFrog has disclosed the details of a critical vulnerability affecting a popular React ...
SecurityWeek

XWiki Vulnerability Exploited in Cryptocurrency Mining Operation

A vulnerability in the enterprise wiki platform XWiki has been exploited in the wild as part of a cryptocurrency mining ...
SiliconANGLE

Seal Security raises $13M to scale automated open-source vulnerability remediation

Israeli cybersecurity startup Seal Cybersecurity Solutions Inc. today revealed that it has raised $13 million in new funding to accelerate its go-to-market efforts and expand its core vulnerability ...
SDxCentral

Open-source VMware deserters in zombie software risk

A large number of VMware users who have opted for an open-source alternative may be operating on outdated software. A report ...
Hosted on MSN

Ten years of OSSRA: what a decade of data tells us about the state of open source security

When the first Open Source Security and Risk Analysis (OSSRA) report was published in 2015, the software landscape looked very different. Security teams were just beginning to grasp the implications ...
Morningstar

ActiveState Expands Secure Open Source Offering for Enterprises with Vulnerability-free Container Images

Solution leverages the company's 30 years of open source experience, secure catalog of over 40M+ components, and hands-on expertise to help enterprises secure their software supply chain VANCOUVER, BC ...
The Register on MSN

AI blew open software security, now OpenAI wants to fix it with an agent called Aardvark

AI promises to find bugs and gaps in your apps After helping expand the modern software attack surface with the rise of AI ...
SDxCentral

Research: 52% of top 100 AI open-source projects contain vulnerabilities

Endor Labs released new research exploring emerging trends and risks associated with using existing open-source software in application development. Endor Labs’ "State Of Dependency Management 2023" ...

What Makes Open-Source DeFi Platforms Vulnerable To Hackers?

Open-source DeFi platforms are a cornerstone of decentralized innovation — transparent, collaborative, and accessible. But their openness also invites relentless scrutiny from hackers. Vulnerabilities ...
Bleeping Computer

Enhancing your DevSecOps with Wazuh, the open source XDR platform

DevSecOps, short for Development, Security, and Operations, is a methodology that integrates security practices into software Development Operations (DevOps). It emphasizes that security should be a ...
Morningstar

Trivy Partner Connect Welcomes Root, Strengthens Open Source Security Ecosystem

BOSTON and TEL AVIV, Israel, July 31, 2025 (GLOBE NEWSWIRE) -- Aqua Security, the pioneer in cloud native security and primary maintainer of Trivy, today announced that Root has joined the Trivy ...