<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>RUNTIME SECURITY - Aqua</title>
	<atom:link href="https://www.aquasec.com/category/runtime-security/feed/" rel="self" type="application/rss+xml" />
	<link></link>
	<description>Cloud Native Security, Container Security &#38; Serverless Security</description>
	<lastBuildDate>Thu, 25 Jun 2026 18:19:31 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>
	<item>
		<title>Integrate Aqua and Splunk for Full Visibility Into Runtime Threats</title>
		<link>https://www.aquasec.com/blog/integrate-aqua-and-splunk-for-full-visibility-into-runtime-threats/</link>
		
		<dc:creator><![CDATA[Aqua Security]]></dc:creator>
		<pubDate>Tue, 23 Jun 2026 13:20:42 +0000</pubDate>
				<category><![CDATA[RUNTIME SECURITY]]></category>
		<guid isPermaLink="false">https://www.aquasec.com/?p=27606</guid>

					<description><![CDATA[<div class="hs-featured-image-wrapper"><a href="https://www.aquasec.com/blog/integrate-aqua-and-splunk-for-full-visibility-into-runtime-threats/" title="Integrate Aqua and Splunk for Full Visibility Into Runtime Threats" class="hs-featured-image-link"><img src="https://www.aquasec.com/wp-content/uploads/2026/06/Social-Splunk-Aqua-Integration.jpg" alt="Integrate Aqua and Splunk for Full Visibility Into Runtime Threats" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"></a></div>TL;DR When a container is compromised, the SOC needs the full picture of what happened and fast. The problem is that runtime security data from cloud native workloads often lives outside Splunk, in a separate tool the analyst must pivot to at exactly the wrong moment. Aqua&#8217;s integration with Splunk solves this by streaming its&#160;&mldr;]]></description>
		
		
		
			</item>
		<item>
		<title>How Do You Measure FAIR Risk in the Mythos Era?</title>
		<link>https://www.aquasec.com/blog/how-do-you-measure-fair-risk-in-the-mythos-era/</link>
		
		<dc:creator><![CDATA[Aqua Security]]></dc:creator>
		<pubDate>Tue, 09 Jun 2026 13:13:53 +0000</pubDate>
				<category><![CDATA[RUNTIME SECURITY]]></category>
		<guid isPermaLink="false">https://www.aquasec.com/?p=27584</guid>

					<description><![CDATA[<div class="hs-featured-image-wrapper"><a href="https://www.aquasec.com/blog/how-do-you-measure-fair-risk-in-the-mythos-era/" title="How Do You Measure FAIR Risk in the Mythos Era?" class="hs-featured-image-link"><img src="https://www.aquasec.com/wp-content/uploads/2026/06/Social-FAIR-RISK-Mythos-blog.jpg" alt="How Do You Measure FAIR Risk in the Mythos Era?" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"></a></div>TL;DR: Frontier AI models are discovering zero day vulnerabilities and weaponizing them in hours. Boards, regulators and underwriters have noticed, and they are asking a question most CISOs cannot answer: &#8220;What does our exposure cost in dollars?&#8221; Reporting in CVE counts and CVSS scores made sense when the threat timeline gave security teams room to&#160;&mldr;]]></description>
		
		
		
			</item>
		<item>
		<title>When AI Writes, Scans and Fixes Code, Runtime Becomes the Last Line of Defense</title>
		<link>https://www.aquasec.com/blog/when-ai-writes-scans-and-fixes-code-runtime-becomes-the-last-line-of-defense/</link>
		
		<dc:creator><![CDATA[Aqua Security]]></dc:creator>
		<pubDate>Thu, 26 Feb 2026 07:04:42 +0000</pubDate>
				<category><![CDATA[RUNTIME SECURITY]]></category>
		<category><![CDATA[AI Security]]></category>
		<category><![CDATA[Aqua Security]]></category>
		<category><![CDATA[Cloud Native Security]]></category>
		<category><![CDATA[Cloud security]]></category>
		<category><![CDATA[Code security]]></category>
		<category><![CDATA[Container Security]]></category>
		<category><![CDATA[Runtime Security]]></category>
		<guid isPermaLink="false">https://www.aquasec.com/?p=27357</guid>

					<description><![CDATA[<div class="hs-featured-image-wrapper"><a href="https://www.aquasec.com/blog/when-ai-writes-scans-and-fixes-code-runtime-becomes-the-last-line-of-defense/" title="When AI Writes, Scans and Fixes Code, Runtime Becomes the Last Line of Defense" class="hs-featured-image-link"><img src="https://www.aquasec.com/wp-content/uploads/2026/02/Social-cloude-code-blog-images.jpg" alt="When AI Writes, Scans and Fixes Code, Runtime Becomes the Last Line of Defense" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"></a></div>TL;DR Anthropic recently launched Claude Code Security. Using its most advanced model, Claude Opus 4.6, the tool found over 500 high-severity vulnerabilities in production open-source codebases. These are bugs with security implications that had survived decades of expert review, continuous fuzzing, and multiple layers of automated scanning. The cybersecurity market reacted badly: roughly $15 billion&#160;&mldr;]]></description>
		
		
		
			</item>
		<item>
		<title>Cloud Threat Detection in 2026: The Growing Role of SecOps</title>
		<link>https://www.aquasec.com/blog/cloud-threat-detection-and-the-growing-role-of-secops/</link>
		
		<dc:creator><![CDATA[Aqua Security]]></dc:creator>
		<pubDate>Thu, 08 Jan 2026 07:30:46 +0000</pubDate>
				<category><![CDATA[RUNTIME SECURITY]]></category>
		<guid isPermaLink="false">https://www.aquasec.com/?p=27281</guid>

					<description><![CDATA[<div class="hs-featured-image-wrapper"><a href="https://www.aquasec.com/blog/cloud-threat-detection-and-the-growing-role-of-secops/" title="Cloud Threat Detection in 2026: The Growing Role of SecOps" class="hs-featured-image-link"><img src="https://www.aquasec.com/wp-content/uploads/2026/01/Social-Gartner-blog-Cloud-Threat-Detection-2026.jpg" alt="Cloud Threat Detection in 2026: The Growing Role of SecOps" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"></a></div>Cloud threat detection is changing as attacks increasingly unfold inside running workloads rather than in static code or configuration layers. This shift affects how detection works in practice and how security teams are able to investigate incidents once alerts appear. In cloud environments, security operations rely on real time visibility to understand what workloads are&#160;&mldr;]]></description>
		
		
		
			</item>
		<item>
		<title>Selective Memory Dump Technique for Deeper Container Forensic Analysis</title>
		<link>https://www.aquasec.com/blog/selective-memory-dump-for-deep-container-forensic-analysis/</link>
		
		<dc:creator><![CDATA[Aqua Security]]></dc:creator>
		<pubDate>Mon, 17 Nov 2025 12:55:43 +0000</pubDate>
				<category><![CDATA[RUNTIME SECURITY]]></category>
		<category><![CDATA[Cloud Workload Protection Platform CWPP]]></category>
		<category><![CDATA[Container Security]]></category>
		<category><![CDATA[Runtime Security]]></category>
		<guid isPermaLink="false">https://www.aquasec.com/?p=27025</guid>

					<description><![CDATA[<div class="hs-featured-image-wrapper"><a href="https://www.aquasec.com/blog/selective-memory-dump-for-deep-container-forensic-analysis/" title="Selective Memory Dump Technique for Deeper Container Forensic Analysis" class="hs-featured-image-link"><img src="https://www.aquasec.com/wp-content/uploads/2025/11/Social-container-memory-forensic-blog.jpg" alt="Selective Memory Dump Technique for Deeper Container Forensic Analysis" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"></a></div>Every attack leaves a trail, but in containerized environments, that trail can vanish before you even realize you have been attacked. Containers are short-lived, and attackers exploit this by executing malware in memory, loading hidden payloads, or deploying rootkits, then silently modifying or deleting evidence to cover their tracks. By the time security teams are&#160;&mldr;]]></description>
		
		
		
			</item>
		<item>
		<title>Supply Chain Security Risk: GitHub Action tj-actions/changed-files Compromised</title>
		<link>https://www.aquasec.com/blog/github-action-tj-actions-changed-files-compromised/</link>
		
		<dc:creator><![CDATA[Aqua Security]]></dc:creator>
		<pubDate>Sat, 15 Mar 2025 21:41:22 +0000</pubDate>
				<category><![CDATA[RUNTIME SECURITY]]></category>
		<category><![CDATA[Security Threats]]></category>
		<category><![CDATA[Software Supply Chain Security]]></category>
		<category><![CDATA[Supply Chain Attacks]]></category>
		<guid isPermaLink="false">https://www.aquasec.com/?p=24868</guid>

					<description><![CDATA[<div class="hs-featured-image-wrapper"><a href="https://www.aquasec.com/blog/github-action-tj-actions-changed-files-compromised/" title="Supply Chain Security Risk: GitHub Action tj-actions/changed-files Compromised" class="hs-featured-image-link"><img src="https://www.aquasec.com/wp-content/uploads/2025/03/GitHub-Action-tj-actionschanged-files.jpg" alt="Supply Chain Security Risk: GitHub Action tj-actions/changed-files Compromised" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"></a></div>On March 14th, 2025, security researchers discovered a critical software supply chain vulnerability in the widely-used GitHub Action tj-actions/changed-files (CVE-2025-30066). This vulnerability allows remote attackers to expose CI/CD secrets via the action&#8217;s build logs. The issue affects users who rely on the tj-actions/changed-files action in GitHub workflows to track changed files within a pull request.&#160;&mldr;]]></description>
		
		
		
			</item>
		<item>
		<title>Walk the Line: High-Fidelity Incident Detection Without Disruption</title>
		<link>https://www.aquasec.com/blog/walk-the-line-high-fidelity-incident-detection-without-disruption/</link>
		
		<dc:creator><![CDATA[Aqua Security]]></dc:creator>
		<pubDate>Thu, 10 Oct 2024 03:24:14 +0000</pubDate>
				<category><![CDATA[RUNTIME SECURITY]]></category>
		<guid isPermaLink="false">https://www.aquasec.com/?p=23040</guid>

					<description><![CDATA[<div class="hs-featured-image-wrapper"><a href="https://www.aquasec.com/blog/walk-the-line-high-fidelity-incident-detection-without-disruption/" title="Walk the Line: High-Fidelity Incident Detection Without Disruption" class="hs-featured-image-link"><img src="https://www.aquasec.com/wp-content/uploads/2024/10/blog-main-High-Fid-1200x628-2024-final.jpg" alt="Walk the Line: High-Fidelity Incident Detection Without Disruption" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"></a></div>In the dynamic world of cloud native, security teams are inundated with an overwhelming flood of alerts—far too many for any team to realistically manage. This constant barrage creates a risky dilemma: sift through the noise or silence alerts, risking missing real attacks. Like Johnny Cash’s “Walk the Line,” security teams must strike a careful&#160;&mldr;]]></description>
		
		
		
			</item>
		<item>
		<title>Go deeper: Linux runtime visibility meets Wireshark</title>
		<link>https://www.aquasec.com/blog/go-deeper-linux-runtime-visibility-meets-wireshark/</link>
		
		<dc:creator><![CDATA[Aqua Security]]></dc:creator>
		<pubDate>Wed, 07 Aug 2024 15:57:42 +0000</pubDate>
				<category><![CDATA[CONTAINER SECURITY]]></category>
		<category><![CDATA[RUNTIME SECURITY]]></category>
		<category><![CDATA[Aqua Open Source]]></category>
		<category><![CDATA[Tracee]]></category>
		<guid isPermaLink="false">https://www.aquasec.com/?p=21380</guid>

					<description><![CDATA[<div class="hs-featured-image-wrapper"><a href="https://www.aquasec.com/blog/go-deeper-linux-runtime-visibility-meets-wireshark/" title="Go deeper: Linux runtime visibility meets Wireshark" class="hs-featured-image-link"><img src="https://www.aquasec.com/wp-content/uploads/2024/08/Tracee-shark-blog-social.jpg" alt="Go deeper: Linux runtime visibility meets Wireshark" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"></a></div>Aqua Tracee is an open source runtime security and forensics tool for Linux, built to address common Linux security issues. Tracee’s main use case is to be installed in a production environment and continuously monitor system activity and detect suspicious behavior. Some alternative use cases which Tracee can be used for are dynamic malware analysis,&#160;&mldr;]]></description>
		
		
		<enclosure url="https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Tracee%20live%20capture.mp4" length="5122181" type="video/mp4" />

			</item>
		<item>
		<title>Understanding the Importance of Runtime Security in Cloud Native Environments</title>
		<link>https://www.aquasec.com/blog/understanding-the-importance-of-runtime-security-in-cloud-native-environments/</link>
		
		<dc:creator><![CDATA[Aqua Security]]></dc:creator>
		<pubDate>Mon, 17 Jun 2024 12:46:23 +0000</pubDate>
				<category><![CDATA[RUNTIME SECURITY]]></category>
		<guid isPermaLink="false">https://www.aquasec.com/?p=20495</guid>

					<description><![CDATA[<div class="hs-featured-image-wrapper"><a href="https://www.aquasec.com/blog/understanding-the-importance-of-runtime-security-in-cloud-native-environments/" title="Understanding the Importance of Runtime Security in Cloud Native Environments" class="hs-featured-image-link"><img src="https://www.aquasec.com/wp-content/uploads/2024/06/Understanding-the_-Importance-of-Runtime-Security-1200x628-main.jpg" alt="Understanding the Importance of Runtime Security in Cloud Native Environments" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"></a></div>Gartner has estimated that “90% of global organizations will be running containerized applications in production by 2026—up from 40% in 2021.”   The inherent benefits of cloud native application development enable developers to introduce new code into the environment at an accelerated rate. However, the dynamic nature of these environments amplifies the risks associated with runtime&#160;&mldr;]]></description>
		
		
		
			</item>
		<item>
		<title>Combat Zero-Day Threats with Aqua’s New eBPF Lightning Enforcer</title>
		<link>https://www.aquasec.com/blog/combat-zero-day-threats-with-aquas-ebpf-lightning-enforcer/</link>
		
		<dc:creator><![CDATA[Aqua Security]]></dc:creator>
		<pubDate>Tue, 22 Nov 2022 11:00:00 +0000</pubDate>
				<category><![CDATA[RUNTIME SECURITY]]></category>
		<category><![CDATA[CNAPP]]></category>
		<category><![CDATA[ebpf]]></category>
		<category><![CDATA[Runtime Security]]></category>
		<guid isPermaLink="false">https://www.aquasec.com/?p=14558</guid>

					<description><![CDATA[<div class="hs-featured-image-wrapper"><a href="https://www.aquasec.com/blog/combat-zero-day-threats-with-aquas-ebpf-lightning-enforcer/" title="Combat Zero-Day Threats with Aqua’s New eBPF Lightning Enforcer" class="hs-featured-image-link"><img src="https://www.aquasec.com/wp-content/uploads/2022/11/Blog-Image-Combat-Zero-Day-Threats-with-Aquas-New-eBPF-Lightning-Enforcer.jpg" alt="Combat Zero-Day Threats with Aqua’s New eBPF Lightning Enforcer" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"></a></div>We are excited to announce the latest addition to our portfolio, our eBPF-based Aqua Lightning Enforcer. It’s designed for busy security professionals to detect zero-day attacks and sophisticated threats that occur in runtime. It utilizes eBPF technology, making it more effective, safer, and faster. The new Lightning Enforcer and our Runtime Protection solution is an&#160;&mldr;]]></description>
		
		
		
			</item>
	</channel>
</rss>
