29 matches found
Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4j-vuln-demo Intentionally vulnerable demo image for Sys...
Filling the Most Common Gaps in Google Workspace Security
Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incide...
Wiz Recognized as a 2025 Customers’ Choice in the Gartner® Peer Insights™ Voice of the Customer for CNAPP
Wiz is proud to be the only vendor recognized as a Customers’ Choice for two consecutive years...
HummerCloud HummerRisk 安全漏洞
HummerCloud HummerRisk is an open source cloud-native security platform from China's HummerCloud, which solves security and governance issues in cloud-native environments in a non-intrusive way, with core capabilities including security governance for hybrid clouds and cloud-native security...
EUVD-2025-7996
Malicious code in bioql PyPI...
EUVD-2024-20841
Malicious code in bioql PyPI...
Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage
The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the attack surface in ways traditional security models can't keep ...
CVE-2025-29778
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...
CVE-2025-29778
Kyverno (policy engine for cloud-native platforms) contains a vulnerability prior to version 1.14.0-alpha.1 where artifact verification in keyless mode ignores subjectRegExp and IssuerRegExp, allowing deployment of Kubernetes resources signed with an unexpected certificate and potentially full cl...
Wiz becomes the first CNAPP to provide native security to Akamai Linode Cloud
Wiz customers can now secure everything they build and run on Akamai Linode Cloud, providing organizations the broadest cloud coverage out of any CNAPP...
OESA-2024-1220 jss security update
JSS offers a implementation for java-based applications to use native NSS. Security Fixes: A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the...
HummerCloud HummerRisk Security Breach
HummerCloud HummerRisk is an open source cloud-native security platform from China's HummerCloud, which solves security and governance issues in cloud-native environments in a non-intrusive way, with core capabilities including security governance for hybrid clouds and cloud-native security...
CVE-2023-24832
A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execut...
Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report
As we continue to drive toward making the world safer and more productive for all, it is vital we empower our customers to secure every aspect of their organization. Each day we are seeing more advanced security threats as bad actors develop new tactics that aim to take advantage of businesses as...
Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report
As we continue to drive toward making the world safer and more productive for all, it is vital we empower our customers to secure every aspect of their organization. Each day we are seeing more advanced security threats as bad actors develop new tactics that aim to take advantage of businesses as...
Command Execution Vulnerability in Elkeid of Beijing Jitterbug Information Service Co.
Elkeid is a cloud-native host-based security intrusion detection and risk identification solution. A command execution vulnerability exists in Elkeid by Beijing Jitterbug Information Service Co. that can be exploited by an attacker to execute arbitrary commands with elevated privileges on HOST...
Forrester names Microsoft a Leader in Q4 2022 Security Analytics Platforms Wave report
We’re excited to announce that Microsoft is named a Leader in The Forrester Wave: Security Analytics Platforms, Q4 2022. Microsoft achieved the highest possible score in 17 different criteria, including partner ecosystem, innovation roadmap, product security, case management, and architecture. Wi...
QSC 2022: Listening to the Voice of the Customer
It would be redundant to state that today’s threat landscape is growing increasingly sophisticated and erratic. With all types of attacks becoming “commonplace,” the baseline for normal is abnormal. Bad actors are taking advantage of whatever attack vector they can whether that is a phishing...
Cloud Threat Detection: To Agent or Not to Agent?
The shift towards cloud and cloud-native application architectures represents an evolutionary step forward from older paradigms. The adoption of containers, Kubernetes, and serverless functions, along with the use of cloud-based infrastructure, introduces a new set of risks and security challenge...
5 Cloud Native Security Platform Must-haves
Discover 5 key security components to review and how to leverage a cloud native security platform with Mick McCluney Trend Micro and Kelly Griffin AWS...