The GitHub Actions Attack Pattern Your CI Security Scanners Miss - ActiveState explains how GitHub Actions attack chains can evade traditional CI security scanners, why passing a scan doesn't guarantee a secure pipeline, and how organizations can better govern their CI/CD workflows.
News alert: Insignary tackles SBOM accuracy gap as AI tools intensify software supply-chain risk - TORONTO, July 6, 2026, CyberNewswire – Insignary, Inc. , whose patented binary fingerprint technology has been cited in four Gartner research reports, today announced its recognition as a Sample Vendor for Reachability Analysis in the Gartner Hype Cycle for Secure Software Engineering, 2026 .
UK Government Launches Cyber Resilience Pledge, Claiming 60+ Signatories - More than 60 organizations, including M&S, Microsoft UK and Vodafone, have signed the UK government's Cyber Resilience Pledge, a new initiative aimed at boosting cyber security and resilience across British businesses
Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations - An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and...
New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions - Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix , tweaks on-screen pixels in ways the eye cannot see, so that the video cable carrying them radiates a faint radio signal a nearby receiver can decode....
What Changes When Your Software Supply Chain Includes AI Writing Your Code? - Software supply chain security was hard enough. Then AI joined the build pipeline. For five years, "software supply chain security" meant one question: what's in your code? Which open-source packages, which versions, which transitive dependencies three layers deep that nobody chose on purpose? SolarWinds,...
How AI-leading Security Teams Are Building the Agentic SOC - AI-enabled attacks move faster than human analysts can track, at a scale that traditional SOCs weren’t designed to withstand. eCrime breakout times collapsed to 29 minutes on average in 2025, with the[…]
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware - Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. "An attacker can exploit...
Phishing poses as big-brand job interview to steal Google accounts - A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals.