Whether shaping strategy or crafting code, CramHacks keeps you informed.
The AI race has created a cesspool of third-party packages
Hey, do you know about supply chain security? ... You mean SBOMs?
This one is for you CVE hype beasts looking to fill your resume 😉
20% of Docker Hub's repos host malicious content, OWASP Critique, and SCA Marketing Nonsense
Building an AppSec Program, AI Exploiting Vulns, Compliance as Code, Artifact Attestations
Shifting left!, Google lays off Python team, hardened container images, and more!
Korea fears AI supply chain, GitHub hosts malware, Microsoft AD account compromise, EPSS Predicts Exploitability, and Datadog's State of DevSecOps
CISA releases Next-Gen Malware Analysis, Sisense's Security Slip-Up, Debating SAST's Value, Secure Defaults!
Neglecting the National Vulnerability Database: A Flaw We Can't Afford
Top 10 threats for 2030, End-of-life containers can mean 400+ CVEs per year, A review of zero-day in-the-wild exploits, and more!
xz/liblzma backdoor, PyPI suspends user registrations, OSV-Scanner offers guided remediation, and Chief AI Officers
Semgrep Assistant, GitHub Copilot, Active Exploitation Targeting the Ray AI Framework, Stay Safe from Repo-Jacking, and more!
Manager admits to SIM Swapping, GitGuardian State of Secrets, Comparing Dependabot/Semgrep/Snyk
Ex-Google Software Engineer Charged, Secure Software Development Attestation Form, NVD vulnerability reviews on pause
DevSecOps Automation Matrix, Cloudflare's Firewall for AI, $22M Ransomware Payment, Waymo approved in Los Angeles