Open Source | Breaking Cybersecurity News | The Hacker News

The transition to container-first infrastructure is complete, with microservices now powering production-critical workloads and driving digital innovation for most enterprises. While 100% of DevSecOps leaders view containerization as critical to their production strategy, this shift has been accompanied by a crisis in security frameworks. According to the ActiveState 2026 State of Vulnerability Management & Remediation Report , respondents' organizations faced a staggering 82% container breach rate over the past year. Many companies have tried to mitigate risk by "shifting left", empowering developers to build security into their code from the start while still leveraging containers and open-source software from public registries. But in 2026, the reality of shifting left has often meant shifting a mountain of undifferentiated remediation work (i.e., fixing someone else's code) onto already overextended engineering teams. How should Security Leaders think about container se...

Open-source intelligence (OSINT) was once a discipline primarily associated with criminal investigations and national intelligence work. Today, it has become a critical pillar in a wide range of corporate and operational processes from internal investigations and fraud detection to KYC, third-party validation, and due-diligence assessments. However, despite this shift in importance, OSINT is still frequently performed in an ad-hoc manner: how data is collected, how evidence is preserved, and operational security mechanisms often depend on individual habits rather than standardised practice. In many cases, investigations are even conducted directly from managed corporate devices, putting both the integrity of the intelligence operation and the wider enterprise network at unnecessary risk. This lack of standardisation introduces operational, security, and compliance risks that many organisations do not fully recognise until something goes wrong. Operational Risk Glazer is a sandboxed...

The software supply chain has become a prime target for cyberattacks, with incidents like SolarWinds and Log4j demonstrating the critical vulnerabilities inherent in today's development ecosystems. The growing reliance on open source software (OSS) amplifies this risk, with recent studies showing that up to 90% of modern applications rely on open source components. This article explores how organizations can mitigate software supply chain risks while continuing to leverage the innovation and flexibility of OSS. Why Software Supply Chains Are at Risk At its core, the supply chain relies on a complex web of contributors, libraries, and dependencies—each presenting a potential attack vector. Attackers exploit this complexity by injecting malicious code into trusted packages or targeting the infrastructure itself. Key risks include: Dependency Hell: Updating software is often so complex and fraught with technical risks that many developers avoid the process altogether, leaving them...