Nick Mark, MD @nick

Tanya Janca | SheHacksPurple :verified: :verified:🎥 Missed one of my past conference talks? Let’s fix that.I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.“DevSecOps with OWASP DevSlop” 📽️ <a href="https://twp.ai/4ipX6g" rel="nofollow noopener" translate="no" target="_blank">https://twp.ai/4ipX6g</a><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/SecurityAwareness" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityAwareness</a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#appsec</a> <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OWASP</a> <a href="https://infosec.exchange/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevOps</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a>

Jason St-Cyr :mstdn:I have a new tutorial up on the Puppet blog! This time, tackling vulnerability remediation in Puppet Enterprise Advanced. The steps in the tutorial will show you how to: * Locate a CVE an the nodes affected by the CVE * Create a job to remediate the vulnerability on those nodes. * Review the progress and success of the patching.I hope this helps!<a href="https://www.puppet.com/blog/vulnerability-remediation-puppet-advanced-patching" rel="nofollow noopener" translate="no" target="_blank">https://www.puppet.com/blog/vulnerability-remediation-puppet-advanced-patching</a><a href="https://mstdn.ca/tags/puppet" class="mention hashtag" rel="nofollow noopener" target="_blank">#puppet</a> <a href="https://mstdn.ca/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devops</a> <a href="https://mstdn.ca/tags/sre" class="mention hashtag" rel="nofollow noopener" target="_blank">#sre</a> <a href="https://mstdn.ca/tags/compliance" class="mention hashtag" rel="nofollow noopener" target="_blank">#compliance</a> <a href="https://mstdn.ca/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE</a> <a href="https://mstdn.ca/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devsecops</a>

Tanya Janca | SheHacksPurple :verified: :verified:If you’re working in <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> or <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> and want to streamline your operations, let’s talk — I’d love to introduce you!<a href="https://twp.ai/4iptNT" rel="nofollow noopener" translate="no" target="_blank">https://twp.ai/4iptNT</a>4/4

Wu Evar 🇪🇺🇺🇦<a href="https://mastodon.green/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://mastodon.green/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevOps</a> Ahahaha 😆 Das Ding ist sooooo on-point.<a href="https://www.youtube.com/watch?v=rXPpkzdS-q4" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=rXPpkzdS-q4</a>

Tanya Janca | SheHacksPurple :verified: :verified:🎥 Missed one of my past conference talks? Let’s fix that.I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.“Security is Everybody’s Job” 📽️ <a href="https://twp.ai/4ion6e" rel="nofollow noopener" translate="no" target="_blank">https://twp.ai/4ion6e</a><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/SecurityAwareness" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityAwareness</a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#appsec</a> <a href="https://infosec.exchange/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devops</a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devsecops</a>

TechnoTenshi :verified_trans: :Fire_Lesbian:SecretSpec offers a new declarative approach to secrets management, enabling one spec to work across local dev, CI/CD, and production with different providers, all without changing app code. Not a paid promotion or endorsement.<a href="https://devenv.sh/blog/2025/07/21/announcing-secretspec-declarative-secrets-management/#a-world-of-possibilities" rel="nofollow noopener" translate="no" target="_blank">https://devenv.sh/blog/2025/07/21/announcing-secretspec-declarative-secrets-management/#a-world-of-possibilities</a><a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://infosec.exchange/tags/SecretsManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecretsManagement</a> <a href="https://infosec.exchange/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a>

Pyrzout :vm:Making security and development co-owners of DevSecOps <a href="https://www.helpnetsecurity.com/2025/07/18/galal-ibrahim-maghola-devsecops-practices-tips/" rel="nofollow noopener" translate="no" target="_blank">https://www.helpnetsecurity.com/2025/07/18/galal-ibrahim-maghola-devsecops-practices-tips/</a> <a href="https://social.skynetcloud.site/tags/Artificialintelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#Artificialintelligence</a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://social.skynetcloud.site/tags/automation" class="mention hashtag" rel="nofollow noopener" target="_blank">#automation</a> <a href="https://social.skynetcloud.site/tags/compliance" class="mention hashtag" rel="nofollow noopener" target="_blank">#compliance</a> <a href="https://social.skynetcloud.site/tags/G42Company" class="mention hashtag" rel="nofollow noopener" target="_blank">#G42Company</a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener" target="_blank">#Don</a>'tmiss <a href="https://social.skynetcloud.site/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://social.skynetcloud.site/tags/Features" class="mention hashtag" rel="nofollow noopener" target="_blank">#Features</a> <a href="https://social.skynetcloud.site/tags/Hotstuff" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hotstuff</a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a>

jpmellojrDiscover the true cost of CVEs & why moving beyond vulnerabilities is a MUST for effective cybersecurity! <a href="https://jpmellojr.blogspot.com/2025/07/the-true-cost-of-cves-why-you-need-to.html" rel="nofollow noopener" target="_blank">https://jpmellojr.blogspot.com/2025/07/the-true-cost-of-cves-why-you-need-to.html</a> <a href="https://noc.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://noc.social/tags/CVEs" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVEs</a> <a href="https://noc.social/tags/SecurityPrioritization" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityPrioritization</a> <a href="https://noc.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://noc.social/tags/Vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vulnerabilities</a>

Tanya Janca | SheHacksPurple :verified: :verified:🎥 Missed one of my past conference talks? Let’s fix that.I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.“DevSecOps with OWASP DevSlop” 📽️ <a href="https://twp.ai/4iofNZ" rel="nofollow noopener" translate="no" target="_blank">https://twp.ai/4iofNZ</a><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/SecurityAwareness" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityAwareness</a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#appsec</a> <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OWASP</a> <a href="https://infosec.exchange/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevOps</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a>

Lisi HockeHave you heard? I'm giving my workshop "Secure Development Lifecycle Applied - How to Make Things a Bit More Secure than Yesterday Every Day" at NDC Porto this year! Super excited to experience this conference, share and learn with folks. 🤩<a href="https://ndcporto.com/workshops/part-1-2-secure-development-lifecycle-applied-how-to-make-things-a-bit-more-secure-than-yesterday-every-day/4ebef8044659" rel="nofollow noopener" translate="no" target="_blank">https://ndcporto.com/workshops/part-1-2-secure-development-lifecycle-applied-how-to-make-things-a-bit-more-secure-than-yesterday-every-day/4ebef8044659</a><a href="https://mastodon.social/tags/NDCPorto" class="mention hashtag" rel="nofollow noopener" target="_blank">#NDCPorto</a> <a href="https://mastodon.social/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://mastodon.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a>

TechnoTenshi :verified_trans: :Fire_Lesbian:FOKS launches as a federated, end-to-end post-quantum encrypted Git and KV hosting tool, with support for YubiKeys, team management, and privacy-preserving metadata. Fully open-source and bootstrapped.<a href="https://foks.pub/" rel="nofollow noopener" translate="no" target="_blank">https://foks.pub/</a><a href="https://infosec.exchange/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#Encryption</a> <a href="https://infosec.exchange/tags/PostQuantum" class="mention hashtag" rel="nofollow noopener" target="_blank">#PostQuantum</a> <a href="https://infosec.exchange/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a>

TechnoTenshi :verified_trans: :Fire_Lesbian:Helm v3.18.3 and earlier are vulnerable to local code execution via a crafted Chart.yaml and symlinked Chart.lock. Exploit occurs during dependency updates. Patched in v3.18.4.<a href="https://github.com/helm/helm/security/advisories/GHSA-557j-xg8c-q2mm" rel="nofollow noopener" translate="no" target="_blank">https://github.com/helm/helm/security/advisories/GHSA-557j-xg8c-q2mm</a><a href="https://infosec.exchange/tags/Helm" class="mention hashtag" rel="nofollow noopener" target="_blank">#Helm</a> <a href="https://infosec.exchange/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> <a href="https://infosec.exchange/tags/GoLang" class="mention hashtag" rel="nofollow noopener" target="_blank">#GoLang</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a>

**knoppix** @knoppix95@mastodon.social · Jul 4 *

Jul 4 *

knoppix @knoppix95@mastodon.social

A critical Linux vulnerability (CVE-2025-32463) in Sudo lets any local unprivileged user gain root via the --chroot (-R) option

Affects default configs on Ubuntu, Fedora & others — no Sudo rules needed
Fix: Update to Sudo 1.9.17p1+ (no workarounds)
CVSS: 9.8 (Critical)

Highlights persistent risks in open-source privilege handling

https://cybersecuritynews.com/linux-sudo-chroot-vulnerability/

#Linux #Sudo #FOSS #CyberSecurity #InfoSec #OpenSource #Vulnerability #Root #Exploit #SysAdmin #DevSecOps #Tech @TechNews

**Pyrzout** @jos1264@social.skynetcloud.site · Jul 3

**Tanya Janca | SheHacksPurple** @SheHacksPurple@infosec.exchange · Jun 26

**Anders Eknert** @anderseknert@swecyb.com · Jun 26

Jun 26

Anders Eknert @anderseknert@swecyb.com

"regal-main test bundle ran 2.54 times faster than regal test bundle"

#OPA's new parallel test runner doing it's magic in Regal, where 800 unit tests now execute in half a second (down from 1.4). Shipping with the next OPA release, which if all goes well should be later today :)

Amazing work by OPA maintainer Sebastian Spaink

#CloudNative #DevOps #DevSecOps

**RSOLV** @rsolv@infosec.exchange · Jun 25

**No Starch Press** @nostarch@mastodon.social · Jun 23

Jun 23

No Starch Press @nostarch@mastodon.social

Learn how Windows manages authentication, access control, and resource permissions with clarity and precision.

This book offers hands-on PowerShell examples that guide you through key internals like the Security Reference Monitor, SAM, and Kerberos—ideal for researchers, defenders, and developers.

https://nostarch.com/windows-security-internals

#cybersecurity #infosec #informationsecurity

Recent searches

Search options

Administered by:

Server stats:

#devsecops