Project Lightwell is an AI‑powered initiative to find and fix vulnerabilities in open-source software at an industrial scale. Here's what we know so far.

IBM open-source security project Lightwell will use AI tools and over 20,000 engineers to help secure enterprise open-source software.

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...

BellSoft announces the publication of a new report, “Security in the Blind Spot: What Spring Developers Don't Know About Their Own Containers,” including the results of a survey of developers ...

A survey from BellSoft found that Spring developers don’t know their Dockerfiles affect their security posture.

Hackers are exploiting unsupported F5 BIG-IP appliances to gain SSH access to enterprise Linux systems, turning trusted edge infrastructure into entry points for deeper attacks on identity systems and ...

Attackers have reduced the time to develop an exploit for a known vulnerability from 125 days to a mere half a day, thanks to the use of AI-assisted development, leaving vulnerability scanners ...

The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have ...

DockSec correlates findings from container security scanners and uses AI to generate remediation guidance and exact Dockerfile fixes.

Claude Security – formerly Claude Code Security – has been tested by hundreds of companies in a limited research preview over the past two months, according to the company. Based on feedback, planned ...

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...

Written by Isaac Wuest, Principal Product Manager at HeroDevs. When security teams think about end-of-life (EOL) open source software, the conversation usually starts and ends in the same place: no ...