Cloud Native Security, Container Security & Serverless Security Tue, 09 Sep 2025 11:10:24 +0000 en-US hourly 1 https://wordpress.org/?v=6.9.4 https://www.aquasec.com/blog/npm-software-supply-chain-critical-threat/ Tue, 09 Sep 2025 11:12:35 +0000 https://www.aquasec.com/?p=26541 A new software supply chain attack is targeting a series of highly popular open-source NPM packages unleashing malware across 18 foundational JavaScript packages that collectively accounted for a staggering 2.6 billion weekly downloads. This incident highlights how a compromised open-source package can quickly reach production environments, emphasizing the importance of visibility, security controls, and proactive …]]> https://www.aquasec.com/blog/combatting-phantom-secrets-with-historical-secret-scanning/ Thu, 26 Sep 2024 03:27:04 +0000 https://www.aquasec.com/?p=22743 You’ve likely heard of Schrödinger’s Cat from quantum mechanics—both alive and dead until the box is opened. This paradox mirrors a critical risk in modern development: the secrets embedded in your code. You might assume they’re long deleted, but until you examine the depths of commit history, you can’t be certain. Recently, Aqua Nautilus team …]]> https://www.aquasec.com/blog/lasting-legacy-of-log4j-lessons-for-runtime-security/ Wed, 13 Dec 2023 12:02:20 +0000 https://www.aquasec.com/?p=14178 Another December is upon us, stores are full of shoppers, lights are illuminating cities, towns and cul-de-sacs as radio stations bombard listeners with the continuous rotation of holiday music. Yet amongst all this merriment sits the IT security professional behind their screen completing their end of year tasks. Their eyes slowly twitch, and they fill …]]> https://www.aquasec.com/blog/combating-unknown-unknowns-in-hybrid-it-environments/ Wed, 08 Nov 2023 18:12:01 +0000 https://www.aquasec.com/?p=17498 Recent years have seen a dramatic 1400% increase in unknown unknowns, zero-day and fileless attacks, representing one of the most serious threats in cybersecurity today. The financial services sector is especially vulnerable given its complex, hybrid cloud IT environments comprising both legacy systems and modern cloud native platforms.  Security teams operate with a false sense …]]> https://www.aquasec.com/blog/zero-day-attack-prevention-through-supply-chain-security/ Thu, 02 Mar 2023 14:46:13 +0000 https://www.aquasec.com/?p=14460 Supply chain security has made lots of headlines recently thanks to events like the SolarWinds breach. That and similar events highlight the importance of having a strategy in place to respond to zero-day attacks which can take advantage of vulnerable software components. I recently organized a webinar with and Teresa Pepper, our EMEA Partner Manager. …]]> https://www.aquasec.com/blog/software-compositio-analysis-vs-supply-chain-security/ Thu, 09 Feb 2023 15:15:08 +0000 https://www.aquasec.com/?p=14463 As reliance on software increases in both personal and professional contexts, security of the software supply chain has become a critical concern. Ensuring the security and quality of software is essential for protecting against digital attacks, data breaches, and other cyber threats. Two practices that play a key role in ensuring software security are software …]]> https://www.aquasec.com/blog/summary-compliance-guide-to-ssdf/ Tue, 24 Jan 2023 11:00:00 +0000 https://www.aquasec.com/?p=14490 NIST has recently researched, defined, and released an entirely new standard for incorporating security into the software development lifecycle called The Secure Software Development Framework.  It was uniquely designed to help address the tremendous gaps in software supply chain security that expose organizations to methodical attacks on an organization’s code, infrastructure, development toolchain, and dependencies. …]]> https://www.aquasec.com/blog/slsa-or-cis-software-supply-chain-security-guidelines/ Thu, 12 Jan 2023 13:43:14 +0000 https://www.aquasec.com/?p=14492 With recent software supply chain attacks on the rise, CISOs being held personally liable, and the United States government requiring minimum security software standards for any products and services they procure, the development industry is refocusing on software development strategies that make security a priority. But with so many reputable sources creating guidance, which is …]]> https://www.aquasec.com/blog/supply-chain-security-shifting-left-to-the-golden-pipeline/ Wed, 11 Jan 2023 11:00:00 +0000 https://www.aquasec.com/?p=14493 According to an article in Security Magazine, 98% of organizations have been negatively impacted by a cybersecurity breach in their supply chain. Aqua’s 2021 Software Supply Chain Security Review notes that “attackers focused heavily on open source vulnerabilities and poisoning, code integrity issues, exploiting the software supply chain process and supplier trust to distribute malware …]]> https://www.aquasec.com/blog/achieve-software-supply-chain-compliance-with-us-executive-order-14028/ Tue, 06 Dec 2022 11:00:00 +0000 https://www.aquasec.com/?p=14537 Thanks to many factors like the rise of the cloud infrastructure, the abundance of prebuilt open-source code, and process improvements in DevOps, innovating with software is happening faster than ever. The software supply chain is the assembly line for these technological innovations and can be thought of as any combination of code, tools, and processes …]]>