https://www.aquasec.com/ Cloud Native Security, Container Security & Serverless Security Thu, 07 May 2026 12:59:44 +0000 en-US hourly 1 https://wordpress.org/?v=6.9.4 https://www.aquasec.com/blog/known-techniques-unknown-speed-how-ai-changes-the-attack-chain/ Thu, 07 May 2026 12:58:05 +0000 https://www.aquasec.com/?p=27527 TLDR: AI-driven attacks on containerized environments are no longer theoretical. Frontier models can find vulnerabilities in hardened systems in hours and chain them into working exploits before your team has finished triaging the alert. When an attack moves that fast, the time your security program depends on between discovery and exploitation no longer exists. This …]]> https://www.aquasec.com/blog/autonomous-runtime-security-turning-runtime-intelligence-into-agentic-response/ Wed, 22 Apr 2026 05:30:26 +0000 https://www.aquasec.com/?p=27398 Security teams have spent years and billions of dollars shifting security left. This has changed what teams can see and introduced a new level of visibility, but it has not helped with what they can control. Last year, more than 48,000 new vulnerabilities were cataloged, growing at roughly 20 percent annually. Add to that the …]]> https://www.aquasec.com/blog/unveiling-the-mythos-behind-runtime-security/ Mon, 13 Apr 2026 13:10:04 +0000 https://www.aquasec.com/?p=27472 TLDR: We are about to have a serious problem: attackers no longer need months to investigate and exploit systems, they need minutes. Anthropic says its unreleased Claude Mythos Preview can autonomously find severe vulnerabilities, reproduce them and in some cases chain them into working exploits across hardened systems. The model was deemed too dangerous to …]]> https://www.aquasec.com/blog/trivy-supply-chain-attack-what-you-need-to-know/ Wed, 01 Apr 2026 07:00:11 +0000 https://www.aquasec.com/?p=27408 Open Source Security Advisory Update: Wednesday, April 1, 2026 Boston, MA 10:00 AM ET Over the past week, we have nearly finalized our investigation and are now in the final stages of documentation and review. There continues to be no indication that Aqua’s commercial products have been affected. As part of this process, we identified …]]> https://www.aquasec.com/blog/when-ai-writes-scans-and-fixes-code-runtime-becomes-the-last-line-of-defense/ Thu, 26 Feb 2026 07:04:42 +0000 https://www.aquasec.com/?p=27357 Anthropic recently launched Claude Code Security. Using its most advanced model, Claude Opus 4.6, the tool found over 500 high-severity vulnerabilities in production open-source codebases. These are bugs with security implications that had survived decades of expert review, continuous fuzzing, and multiple layers of automated scanning. The cybersecurity market reacted badly: roughly $15 billion in …]]> https://www.aquasec.com/blog/aqua-security-built-for-this-moment/ Thu, 12 Feb 2026 07:30:41 +0000 https://www.aquasec.com/?p=27332 Cyber Security is cyclical. For years now cloud security has been focused on visibility: perform the scans, collect the data, generate the alerts, centralize the dashboards. That made sense when cloud native was new and teams were still figuring out how to operate in containers, Kubernetes, and ephemeral infrastructure. But the environment has changed. Cloud …]]> https://www.aquasec.com/blog/cloud-threat-detection-and-the-growing-role-of-secops/ Thu, 08 Jan 2026 07:30:46 +0000 https://www.aquasec.com/?p=27281 Cloud threat detection is changing as attacks increasingly unfold inside running workloads rather than in static code or configuration layers. This shift affects how detection works in practice and how security teams are able to investigate incidents once alerts appear. In cloud environments, security operations rely on real time visibility to understand what workloads are …]]> https://www.aquasec.com/blog/critical-cve-in-react-server-components-actively-exploited/ Tue, 09 Dec 2025 17:30:47 +0000 https://www.aquasec.com/?p=27227 A newly disclosed vulnerability in React Server Components (RSC) dubbed as CVE-2025-55182, and also known as React2Shell, has introduced a severe remote code execution (RCE) vector impacting applications built with React 19 and frameworks that rely heavily on RSC, most notably Next.js. The flaw received a CVSS score of 10.0, reflecting its ease of exploitation, …]]> https://www.aquasec.com/blog/selective-memory-dump-for-deep-container-forensic-analysis/ Mon, 17 Nov 2025 12:55:43 +0000 https://www.aquasec.com/?p=27025 Every attack leaves a trail, but in containerized environments, that trail can vanish before you even realize you have been attacked. Containers are short-lived, and attackers exploit this by executing malware in memory, loading hidden payloads, or deploying rootkits, then silently modifying or deleting evidence to cover their tracks. By the time security teams are …]]> https://www.aquasec.com/blog/aqua-kubecon25-securing-cloud-native-and-ai-apps/ Tue, 04 Nov 2025 13:25:17 +0000 https://www.aquasec.com/?p=26975 Every KubeCon tells a story about where the cloud native world is headed. In 2025, that story is about the evolution of AI from a bad movie script to a core part of enterprise solutions. Cloud native applications and artificial intelligence are now part of the same conversation, with security emerging as the vital connection …]]>