What Security Should Look Like When Built for Developers
Security tools should support the way developers actually work. Here’s how we’re reimagining what that looks like...
ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +7649 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-jdk18on (>=1.71 <=1.77)
org.bouncycastle:bcprov-jdk18on MAVEN version =1.71, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.4.0, =1.2.0, =1.2.0-alpha07, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2025.05.12.160240-6152e21 and more Source cves: CVE-2025-8885 Source...
Qualys has introduced Agentic AI, a solution for autonomous cyber risk management
Qualys has introduced Agentic AI, a solution for autonomous cyber risk management. As part of this solution, Qualys provides ready-to-use Cyber Risk Agents that operate autonomously and act as an additional skilled digital workforce. Agentic AI not only detects issues and provides analytics but als...
CVE-2025-54430
dedupe is a Python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit 3f61e79, a critical severity vulnerability has been identified within the .github/workflows/benchmark-bot.yml workflow, where a issuecomme...
@ballerine/workflows-service (>=0.4.6 <=0.5.49), @digitaltg/vc-signer (=1.0.0) +9 more potentially affected by CVE-2025-54782 via @nestjs/devtools-integration (=0.1.6)
@nestjs/devtools-integration NPM version =0.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on @nestjs/devtools-integration and may be impacted: - @ballerine/workflows-service =0.4.6, =0.0.37, =0.0.4, =0.0.1, =0.0.6, =0.0.82, =0.0.32, =1.0.0, =1.0.9 -...
How Microsoft defends against indirect prompt injection attacks
Summary: The growing adoption of large language models (LLMs) in enterprise workflows has introduced a new class of adversarial techniques: indirect prompt injection. Indirect prompt injection can be used against systems that leverage large language models (LLMs) to process untrusted data...
Smarter ITSM Automation with ServiceNow Integration
Effective Information Technology and Service Management (ITSM) today requires intelligent automation, proactive security, and seamless integration between platforms. To keep security operations efficient, vulnerability management workflows need to be streamlined and connected with broader IT...
GHSA-76C9-3JPH-RJ3Q vulnerabilities
Vulnerabilities for packages: code-server, sqlpad, tileserver-gl, serve, argo-workflows, kubeflow-centraldashboard, thingsboard, json-server, vitess...
CVE-2025-7339 vulnerabilities
Vulnerabilities for packages: code-server, sqlpad, tileserver-gl, serve, argo-workflows, kubeflow-centraldashboard, thingsboard, json-server, vitess...
CVE-2025-7339 vulnerabilities
Vulnerabilities for packages: sqlpad, vitess, kubeflow-centraldashboard, tileserver-gl, thingsboard, argo-workflows, code-server, json-server, serve, tileserver-gl-fips...
GHSA-76C9-3JPH-RJ3Q vulnerabilities
Vulnerabilities for packages: sqlpad, vitess, kubeflow-centraldashboard, tileserver-gl, thingsboard, argo-workflows, code-server, json-server, serve, tileserver-gl-fips...
Wiz MCP Server Now Available in the new AWS Marketplace AI Agents and Tools category
Improve security posture and remediate risks faster using natural language workflows...
GitGuardian Launches MCP Server to Bring Secrets Security into Developer Workflows
Paris, France, 15th July 2025, CyberNewsWire...
Malicious code in shared-workflows (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7d2e9e3bd8389efce3114016d94776de4d6947e98d829761b9bb1be64e02ff66 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5956 Malicious code in shared-workflows (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7d2e9e3bd8389efce3114016d94776de4d6947e98d829761b9bb1be64e02ff66 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SynthGuard: Redefining Synthetic Data Generation with a Scalable and Privacy-Preserving Workflow Framework
The growing reliance on data-driven applications in sectors such as healthcare, finance, and law enforcement underscores the need for secure, privacy-preserving, and scalable mechanisms for data generation and sharing. Synthetic data generation (SDG) has emerged as a promising approach but often...
Game Theory Meets LLM and Agentic AI: Reimagining Cybersecurity for the Age of Intelligent Threats
Protecting cyberspace requires not only advanced tools but also a shift in how we reason about threats, trust, and autonomy. Traditional cybersecurity methods rely on manual responses and brittle heuristics. To build proactive and intelligent defense systems, we need integrated theoretical...
Clio-X: A Web3 Solution for Privacy-Preserving AI Access to Digital Archives
As archives turn to artificial intelligence to manage growing volumes of digital records, privacy risks inherent in current AI data practices raise critical concerns about data sovereignty and ethical accountability. This paper explores how privacy-enhancing technologies (PETs) and Web3 architectur...
Your AI Agents Might Be Leaking Data — Watch this Webinar to Learn How to Stop It
Generative AI is changing how businesses work, learn, and innovate. But beneath the surface, something dangerous is happening. AI agents and custom GenAI workflows are creating new, hidden ways for sensitive enterprise data to leak — and most teams don't even realize it. If you're building,...
CVE-2025-30360 vulnerabilities
Vulnerabilities for packages: argo-workflows...