All news with #datadog tag

🔍 A new DataDog State of DevSecOps report finds 87% of organizations run at least one exploitable software vulnerability in production, affecting roughly 40% of services. Vulnerabilities are most prevalent in Java (59%), .NET (47%) and Rust (40%). After accounting for runtime and contextual factors, only 18% of critical dependency CVEs remain critical, with .NET seeing a 98% downgrade rate. The report urges contextual prioritization to reduce alert noise and operator burnout.

🔍 Datadog LLM Observability now automatically instruments Google’s Agent Development Kit (ADK), giving teams instant visibility into multi-step agent workflows without code changes. The integration traces planner decisions, tool calls, token usage, latency, and branching on a single timeline to simplify debugging and cost analysis. Built-in and custom evaluators detect hallucinations, PII leaks, and prompt injections, while replay and experiment features let teams iterate on prompts, models, and parameters before deployment.

⚠️ Researchers flagged a malicious Visual Studio Code extension named susvsex that auto-zips, uploads and encrypts files on first launch and uses GitHub as a command-and-control channel. Uploaded on November 5, 2025 and removed from Microsoft's VS Code Marketplace the next day, the package embeds GitHub access tokens and writes execution results back to a repository. Separately, Datadog disclosed 17 trojanized npm packages that deploy the Vidar infostealer via postinstall scripts.