In March 2025, the cybersecurity community was rocked by a significant supply chain attack targeting a popular third-party GitHub Action, tj-actions/changed-files. This incident, tracked as CVE-2025-30066, has exposed vulnerabilities in up to 23,000 repositories. What Happened? The compromised GitHub Action, designed to detect file changes in pull requests or commits, allowed unauthorized access to sensitive information such as […]
The Reserve Bank of India (RBI) has issued Master Directions on cyber resilience and digital payment system controls emphasizing a "Secure by Design" approach under application security for digital payment systems. This directive underscores the growing importance of robust security measures in India's fast-growing digital payments landscape. It also marks a significant shift toward integrating […]
After engaging with hundreds of CISOs worldwide, it has become evident that the role of the CISO is undergoing a significant transformation. As organizations increasingly evolve into technology-centric entities, the traditional network-focused security approach is no longer adequate. The Shifting Security Paradigm A recurring theme in these discussions is the shift from merely protecting networks […]
A security vulnerability, CVE-2025-23359, has been identified in the NVIDIA Container Toolkit. This is a bypass of the original patch for CVE-2024-0132. The vulnerability was discovered by Wiz Research. The vulnerability, identified as CVE-2025-23359, is a bypass of a previous vulnerability (CVE-2024-0132) in the NVIDIA Container Toolkit. It involves a Time-of-Check Time-of-Use (TOCTOU) vulnerability. By […]
In February 2024, the JavaScript community faced another significant supply chain security incident when the popular lottie-player package was compromised. This attack serves as a stark reminder of the vulnerabilities in our modern software supply chain and the importance of maintaining robust security practices. Let’s dive into what happened, its implications, and how developers and […]
In today's cloud-native world, containers have become the building blocks of modern applications. Yet, beneath the surface of this technological revolution lurks a critical security challenge that many enterprises overlook – the security of their base container images. The Hidden Dangers in Your Container Pipeline Picture this: Your development team pulls a container image from […]
Introduction Open-source software (OSS) has become a cornerstone of modern technology, driving innovation and collaboration across industries. From its humble beginnings to its current widespread adoption, OSS has transformed the tech landscape. This blog explores the journey of open-source software, its current state, and what the future holds. The Past: The Birth and Growth of […]
In today's rapidly evolving landscape of containerized applications, ensuring the integrity and authenticity of container images has become paramount. Container image signing is a crucial security practice that addresses these concerns, providing a robust mechanism to verify the origin and integrity of container images throughout the software supply chain What is Container Image Signing? Container […]
In the world of software development, open source and container technologies have revolutionized the way we build, deploy, and manage applications. However, several myths persist about their security and usage. Let’s debunk some of these common misconceptions. In the realm of software development, open source and container technologies have transformed the way applications are built, […]
In today’s digital landscape, securing the software supply chain has become a critical priority. With the increasing complexity of software development and deployment, ensuring the integrity and security of software artifacts is paramount. This is where SLSA (Supply Chain Levels for Software Artifacts) comes into play. What is SLSA? SLSA, pronounced “salsa,” is a framework […]
The recent discovery of a critical vulnerability in NVIDIA’s Container Toolkit (CVE-2024-0132) has sent shockwaves through the AI and DevOps communities. This vulnerability serves as a stark reminder of the hidden dangers lurking within our AI infrastructure. Here, we delve into the key lessons learned and the steps that AI practitioners and DevOps teams must […]
In today's digital world, software supply chains are constantly under attack, which you often hear about in the news. At Triam Security, we believe developers shouldn't have to slow down to make things secure. We're all about finding new ways to make sure software stays safe without getting in the way of getting things done […]
