Announcing the OWASP Autonomous Penetration Testing Standard (APTS) | Conversation with OWASP Autonomous Penetration Testing Standard (APTS) lead Jinson Varghese.
Our previous post, How to Secure Microservices with SPIFFE and Istio, showed how to secure Kubernetes microservices using Istio policy and SPIFFE identities, with Teleport issuing the identities that the mesh trusts. The question teams face next is: How do you extend that identity-driven security model to workloads outside Kubernetes — such as VMs, edge gateways, and legacy services — without creating a massive certificate-management project?
Snyk started as a classic product-led growth company. For our first two years, we didn't need a sales team — the product sold itself to developers. That's a rare thing, and we're proud of it. It meant we had genuine product-market fit before we had a go-to-market motion. But markets evolve, and so did we. Today, AI coding agents are generating code at a velocity that significantly outpaces the ability of security teams to review it.
Today, we're announcing two new integrations with Anthropic that cover both sides of AI-assisted development. Evo by Snyk now integrates with Anthropic's Claude Enterprise, giving security and compliance teams a complete inventory of their Claude environment: models, approved MCP servers, per-model risk signals, and tool-level permissions in the platform they already use to govern the rest of the stack.
A phishing campaign exploited a glitch in Robinhood’s account creation process to send phishing emails from the investment platform’s own systems, SecurityWeek reports.
In the world of security awareness training, a comprehensive library of relevant and engaging content is a necessity. But even the best training can feel limited when you need to talk about your specific VPN rules, a policy that changed this morning, or a novel threat uniquely targeting your industry today. When you need exactly the right training at the right time customized to your organization, what do you do?
GitHub disclosed that attackers accessed its internal repositories after compromising an employee device through a poisoned Visual Studio Code extension. The company said the activity appears limited to GitHub-owned internal repositories, with the attacker’s claim of roughly 3,800 repositories being “directionally consistent” with its investigation. GitHub also said it found no evidence that customers’ own enterprises, organizations or repositories were impacted.
Trust is expensive. The wrong zero trust network security tool can leave you with more standing access and more risk than you started with. In today’s modern and complex environments, this sentiment matters more than ever. 22% of breaches involved credential abuse as the initial access vector. In this guide, we break down the best zero trust network security tools by category, helping you choose the optimal solution for your requirements.
The shift-left approach and prioritizing security from the very beginning of the coding process are what the tech industry talks about endlessly. Yet many DevOps teams falsely believe that simply scanning code makes them secure. The harsh reality is that your CI/CD pipeline is rarely guarded with the same level of rigor and monitoring as the production environment it serves.