Med-Mastodon

Tanya Janca | SheHacksPurple :verified: :verified:Is there an <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> or <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> trend right now that you think is overhyped? Which one and whyyyyyy? Tell me your feels <a href="https://infosec.exchange/tags/talkappsectome" class="mention hashtag" rel="nofollow noopener" target="_blank">#talkappsectome</a>

James Moceri 🔐Hello <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> community!I'm James (JMo), a Institute of Data x Michigan Tech Cybersecurity Bootcamp grad who built an open-source security scanner as part of my capstone project.**JMo Security** orchestrates 11 tools (Trivy, Semgrep, TruffleHog, ZAP, Falco) with: ✅ Multi-target scanning (repos, containers, IaC, web apps, GitLab, K8s) ✅ Auto-compliance mapping (OWASP, CWE, NIST, PCI DSS, CIS, ATT&CK) ✅ Unified reporting (dashboard, SARIF, JSON)**Quick start:** pip install jmo-security jmotools wizard📖 Docs: <a href="https://docs.jmotools.com" rel="nofollow noopener" translate="no" target="_blank">https://docs.jmotools.com</a> 🐙 GitHub: <a href="https://github.com/jimmy058910/jmo-security-repo" rel="nofollow noopener" translate="no" target="_blank">https://github.com/jimmy058910/jmo-security-repo</a>**Actively seeking <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> / <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> roles!** DMs open for opportunities or technical feedback.What security tools are you using in your workflows?<a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://infosec.exchange/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#Python</a> <a href="https://infosec.exchange/tags/SecurityEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityEngineering</a> <a href="https://infosec.exchange/tags/JobSearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#JobSearch</a>

Thomas Fricke (he/his)<a href="https://social.tchncs.de/@diabhoil" class="u-url mention" rel="nofollow noopener" target="_blank">@diabhoil</a> <a href="https://social.bund.de/@zendis" class="u-url mention" rel="nofollow noopener" target="_blank">@zendis</a> <a href="https://23.social/tags/cloudnative" class="mention hashtag" rel="nofollow noopener" target="_blank">#cloudnative</a> heißt <a href="https://de.wikipedia.org/wiki/Cloud-native_Computing?wprov=sfla1" rel="nofollow noopener" translate="no" target="_blank">https://de.wikipedia.org/wiki/Cloud-native_Computing?wprov=sfla1</a>Weitere Prinzipien <a href="https://23.social/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devsecops</a> (Link geht zum US Militär 😱)<a href="https://www.cloud.mil/devsecops/" rel="nofollow noopener" translate="no" target="_blank">https://www.cloud.mil/devsecops/</a><a href="https://infosec.exchange/@owasp_de" class="u-url mention" rel="nofollow noopener" target="_blank">@owasp_de</a> Version <a href="https://owasp.org/www-project-devsecops-guideline/" rel="nofollow noopener" translate="no" target="_blank">https://owasp.org/www-project-devsecops-guideline/</a><a href="https://23.social/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#google</a> <a href="https://23.social/tags/dora" class="mention hashtag" rel="nofollow noopener" target="_blank">#dora</a> <a href="https://en.wikipedia.org/wiki/DevOps_Research_and_Assessment?wprov=sfla1" rel="nofollow noopener" translate="no" target="_blank">https://en.wikipedia.org/wiki/DevOps_Research_and_Assessment?wprov=sfla1</a><a href="https://23.social/tags/OpenDesk" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenDesk</a> ist die erste Applikation in der Verwaltung, die diese Prinzipien berücksichtigt.<a href="https://social.bund.de/@bsi" class="u-url mention" rel="nofollow noopener" target="_blank">@bsi</a> Grundschutz <a href="https://23.social/tags/Container" class="mention hashtag" rel="nofollow noopener" target="_blank">#Container</a> <a href="https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/IT-GS-Kompendium_Einzel_PDFs_2022/07_SYS_IT_Systeme/SYS_1_6_Containerisierung_Edition_2022.pdf?__blob=publicationFile&v=3" rel="nofollow noopener" translate="no" target="_blank">https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/IT-GS-Kompendium_Einzel_PDFs_2022/07_SYS_IT_Systeme/SYS_1_6_Containerisierung_Edition_2022.pdf?__blob=publicationFile&v=3</a>und Kubernetes<a href="https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/IT-GS-Kompendium_Einzel_PDFs_2022/06_APP_Anwendungen/APP_4_4_Kubernetes_Edition_2022.pdf?__blob=publicationFile&v=3" rel="nofollow noopener" translate="no" target="_blank">https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/IT-GS-Kompendium_Einzel_PDFs_2022/06_APP_Anwendungen/APP_4_4_Kubernetes_Edition_2022.pdf?__blob=publicationFile&v=3</a> kamen dann von selbst.

Ardèch'Drôm DevL'association a besoin de vous, sinon elle va fermer ses portes. Est-ce que ce sera la dernière AG ? Venez participer à l'événement en visio <a href="https://mastodon.social/tags/ardeche" class="mention hashtag" rel="nofollow noopener" target="_blank">#ardeche</a> <a href="https://mastodon.social/tags/drome" class="mention hashtag" rel="nofollow noopener" target="_blank">#drome</a> <a href="https://mastodon.social/tags/dev" class="mention hashtag" rel="nofollow noopener" target="_blank">#dev</a> <a href="https://mastodon.social/tags/code" class="mention hashtag" rel="nofollow noopener" target="_blank">#code</a> <a href="https://mastodon.social/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devops</a> <a href="https://mastodon.social/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devsecops</a> <a href="https://mastodon.social/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://mastodon.social/tags/logiciellibre" class="mention hashtag" rel="nofollow noopener" target="_blank">#logiciellibre</a> <a href="https://mobilizon.fr/events/b958f8b2-cdee-4ed2-bcf0-be765374cee6" rel="nofollow noopener" translate="no" target="_blank">https://mobilizon.fr/events/b958f8b2-cdee-4ed2-bcf0-be765374cee6</a>

jpmellojrVibe coding is fast—but is it secure? Here are 5 critical lessons for AppSec teams navigating AI-generated code in production. <a href="https://jpmellojr.blogspot.com/2025/10/vibe-coding-in-production-5-security.html" rel="nofollow noopener" target="_blank">https://jpmellojr.blogspot.com/2025/10/vibe-coding-in-production-5-security.html</a> <a href="https://noc.social/tags/VibeCoding" class="mention hashtag" rel="nofollow noopener" target="_blank">#VibeCoding</a> <a href="https://noc.social/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://noc.social/tags/AIgeneratedCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIgeneratedCode</a> <a href="https://noc.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://noc.social/tags/LLMcoding" class="mention hashtag" rel="nofollow noopener" target="_blank">#LLMcoding</a> <a href="https://noc.social/tags/CodeReview" class="mention hashtag" rel="nofollow noopener" target="_blank">#CodeReview</a> <a href="https://noc.social/tags/SoftwareSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SoftwareSecurity</a>

The DefendOps DiariesBeware, devs! A new scam group is disguising crypto-stealing malware as trusted VSCode extensions. Is your code safe? Read on and stay one step ahead.<a href="https://thedefendopsdiaries.com/malicious-vscode-extensions-the-tigerjack-campaign-and-its-impact-on-developers/" rel="nofollow noopener" translate="no" target="_blank">https://thedefendopsdiaries.com/malicious-vscode-extensions-the-tigerjack-campaign-and-its-impact-on-developers/</a><a href="https://infosec.exchange/tags/vscode" class="mention hashtag" rel="nofollow noopener" target="_blank">#vscode</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/cryptotheft" class="mention hashtag" rel="nofollow noopener" target="_blank">#cryptotheft</a> <a href="https://infosec.exchange/tags/tigerjack" class="mention hashtag" rel="nofollow noopener" target="_blank">#tigerjack</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devsecops</a> <a href="https://infosec.exchange/tags/socialengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#socialengineering</a> <a href="https://infosec.exchange/tags/openvsx" class="mention hashtag" rel="nofollow noopener" target="_blank">#openvsx</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

Tanya Janca | SheHacksPurple :verified: :verified:🎥 Missed one of my past conference talks? Let’s fix that.I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.“Security is Everybody’s Job” 📽️ <a href="https://twp.ai/4ipQeU" rel="nofollow noopener" translate="no" target="_blank">https://twp.ai/4ipQeU</a><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/SecurityAwareness" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityAwareness</a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#appsec</a> <a href="https://infosec.exchange/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devops</a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devsecops</a>

Tanya Janca | SheHacksPurple :verified: :verified:🎥 Missed one of my past conference talks? Let’s fix that.I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.“DevSecOps with OWASP DevSlop” 📽️ <a href="https://twp.ai/4ipJpl" rel="nofollow noopener" translate="no" target="_blank">https://twp.ai/4ipJpl</a><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/SecurityAwareness" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityAwareness</a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#appsec</a> <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OWASP</a> <a href="https://infosec.exchange/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevOps</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a>

jpmellojrThe ongoing battle between shipping code fast and shipping it securely is a real challenge. Here are some strategies for AppSec teams to manage the risk. <a href="https://www.reversinglabs.com/blog/deadlines-vs-secure-code" rel="nofollow noopener" target="_blank">https://www.reversinglabs.com/blog/deadlines-vs-secure-code</a> <a href="https://noc.social/tags/SecureCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecureCode</a> <a href="https://noc.social/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://noc.social/tags/SoftwareDevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#SoftwareDevelopment</a> <a href="https://noc.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://noc.social/tags/CyberRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberRisk</a>

Colin Cogle :verified:Help, I need a code signing certificate that won't bankrupt me.Three years ago, I paid $100 for a three-year code signing certificate. I've signed all my open-source projects' releases with it. Now that it's renewal time, Certera (SignMyCode.com) wants almost $700 for the same three-year certificate (excluding the mandatory HSM purchase, which I am totally on board with).I write silly C and PowerShell code, and I timestamp my signatures so that they're perpetually valid. My PowerShell Gallery stuff, as well as binaries of aprs-weather-submit on Windows and macOS, are all signed and hashed (but not notarized by Apple, because that's another $99 a year for something that feels done unless Bob Bruninga's followers are thinking about APRS 2.0).If I can't find a solution, anything I write or update in the future will have to be released as unsigned unless I half-ass something (like the Notepad++ developer using self-signed certs -- semi-dangerously clever). $100 every three years, fine. $700 every three years, and I'll do it if my three fans click my Buy Me A Coffee link over and over.Is there any CA out there that will offer open-source, not-for-profit developers like me a chance to get globally-trusted code signing certificates? I don't think SigStore ever took off (sadly), and even if it did, I don't think it's part of the Microsoft Authenticode program.<a href="https://mastodon.colincogle.name/tags/CodeSigning" class="mention hashtag" rel="nofollow noopener" target="_blank">#CodeSigning</a> <a href="https://mastodon.colincogle.name/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSL</a> <a href="https://mastodon.colincogle.name/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#TLS</a> <a href="https://mastodon.colincogle.name/tags/certificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#certificates</a> <a href="https://mastodon.colincogle.name/tags/Certera" class="mention hashtag" rel="nofollow noopener" target="_blank">#Certera</a> <a href="https://mastodon.colincogle.name/tags/SoftwareDevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#SoftwareDevelopment</a> <a href="https://mastodon.colincogle.name/tags/C" class="mention hashtag" rel="nofollow noopener" target="_blank">#C</a> <a href="https://mastodon.colincogle.name/tags/PowerShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#PowerShell</a> <a href="https://mastodon.colincogle.name/tags/PowerShellGallery" class="mention hashtag" rel="nofollow noopener" target="_blank">#PowerShellGallery</a> <a href="https://mastodon.colincogle.name/tags/AmateurRadio" class="mention hashtag" rel="nofollow noopener" target="_blank">#AmateurRadio</a> <a href="https://mastodon.colincogle.name/tags/HamRadio" class="mention hashtag" rel="nofollow noopener" target="_blank">#HamRadio</a> <a href="https://mastodon.colincogle.name/tags/APRS" class="mention hashtag" rel="nofollow noopener" target="_blank">#APRS</a> <a href="https://mastodon.colincogle.name/tags/APRS" class="mention hashtag" rel="nofollow noopener" target="_blank">#APRS</a>-Weather-Submit <a href="https://mastodon.colincogle.name/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#GitHub</a> <a href="https://mastodon.colincogle.name/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://mastodon.colincogle.name/tags/developer" class="mention hashtag" rel="nofollow noopener" target="_blank">#developer</a> <a href="https://mastodon.colincogle.name/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> <a href="https://mastodon.colincogle.name/tags/macOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#macOS</a> <a href="https://mastodon.colincogle.name/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.colincogle.name/tags/Authenticode" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authenticode</a> <a href="https://mastodon.colincogle.name/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://mastodon.colincogle.name/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevOps</a>

Ryan Daws 🤓XZ attack reveals unlearned open-source security lessons <a href="https://www.developer-tech.com/news/xz-attack-reveals-unlearned-open-source-security-lessons/" rel="nofollow noopener" translate="no" target="_blank">https://www.developer-tech.com/news/xz-attack-reveals-unlearned-open-source-security-lessons/</a> <a href="https://techhub.social/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://techhub.social/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devsecops</a> <a href="https://techhub.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://techhub.social/tags/technews" class="mention hashtag" rel="nofollow noopener" target="_blank">#technews</a> <a href="https://techhub.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a>

Cyb3rk1d☁️ Cloud Security Tools — Essential Toolkit for Modern Teams 🛡️🚀Cloud environments introduce new risks and require specialized tooling to secure workloads, configurations, and data. Use a mix of CSP-native and third-party tools to cover posture management, runtime protection, identity, and visibility. Key categories and examples: Cloud Security Posture Management (CSPM) — Prisma Cloud, Dome9, Wiz for misconfig & compliance checks 🔍; Cloud Workload Protection (CWPP) — CrowdStrike, Trend Micro, Aqua for container and VM runtime defense 🐳🛡️; Cloud Access Security Broker (CASB) — Netskope, Microsoft Defender for Cloud Apps for SaaS visibility & data control ☁️🔐; Identity & Access Management — AWS IAM/Azure AD hardening, BeyondTrust, Okta for strong auth & least privilege 🔑; Threat Detection & SIEM — Splunk, Sumo Logic, Datadog + cloud-native logging for alerting and forensics 📊; Vulnerability & Configuration Scanning — Qualys, Tenable, Trivy for images and infra-as-code scanning ⚙️; Secrets Management — HashiCorp Vault, AWS Secrets Manager for safe key handling 🔐; and Supply-chain & CI/CD security — Snyk, Checkov, GitHub Advanced Security to catch insecure deps and pipelines 🧩.⚠️ Disclaimer: For educational & defensive use only. Evaluate tools against your cloud provider, compliance needs, and threat model before deploying. Always test changes in staging before production. 🚫🔒<a href="https://defcon.social/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudSecurity</a> <a href="https://defcon.social/tags/CSPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#CSPM</a> <a href="https://defcon.social/tags/CWPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#CWPP</a> <a href="https://defcon.social/tags/IAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#IAM</a> <a href="https://defcon.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://defcon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://defcon.social/tags/Cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cloud</a> <a href="https://defcon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://defcon.social/tags/SecurityTools" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityTools</a> <a href="https://defcon.social/tags/Compliance" class="mention hashtag" rel="nofollow noopener" target="_blank">#Compliance</a> <a href="https://defcon.social/tags/ContainerSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#ContainerSecurity</a> ☁️🛡️

Habr34 минуты до взлома: почему миру всегда будут нужны ИБ специалистыЗнаете, сколько времени нужно, чтобы взломать типичную российскую компанию? В среднем — меньше суток, а рекорд составил 34 минуты . Меньше, чем уходит на обед. Это данные недавнего эксперимента белых хакеров (пентестеров): они протестировали 74 компании и в двух из трёх случаях получили полный доступ. В 60% атак последствия были критичными: остановка бизнес-процессов, шифрование данных или кража средств. Рынок кибербезопасности в России сегодня стремительно меняется: уходят западные вендоры, компании латают инфраструктуру, а хакеры используют всё — от дыр в коде до генеративного ИИ. И одно остаётся стабильным: спрос на специалистов ИБ всегда выше предложения. Только на hh.ru в 2024 году — 27,3 тысячи вакансий (+17% к прошлому году). И это не предел: уже появляется новая ниша — безопасность AI, но специалистов там почти нет. Всем привет, меня зовут Никита Мотяжов , и я занимаюсь подбором ИБ-специалистов в SENSE . В статье разбираем, что происходит с ИБ в 2025-м: какие угрозы стали «новой нормой», кого ищут компании и как в профессию заходят джуны и опытные инженеры.<a href="https://habr.com/ru/companies/it_sense/articles/948182/" rel="nofollow noopener" translate="no" target="_blank">https://habr.com/ru/companies/it_sense/articles/948182/</a><a href="https://zhub.link/tags/%D0%B8%D1%81%D0%BA%D1%83%D1%81%D1%81%D1%82%D0%B2%D0%B5%D0%BD%D0%BD%D1%8B%D0%B9_%D0%B8%D0%BD%D1%82%D0%B5%D0%BB%D0%BB%D0%B5%D0%BA%D1%82" class="mention hashtag" rel="nofollow noopener" target="_blank">#искусственный_интеллект</a> <a href="https://zhub.link/tags/%D0%B2%D0%B7%D0%BB%D0%BE%D0%BC" class="mention hashtag" rel="nofollow noopener" target="_blank">#взлом</a> <a href="https://zhub.link/tags/%D1%85%D0%B0%D0%BA%D0%B5%D1%80%D1%81%D1%82%D0%B2%D0%BE" class="mention hashtag" rel="nofollow noopener" target="_blank">#хакерство</a> <a href="https://zhub.link/tags/%D0%B8%D0%B1" class="mention hashtag" rel="nofollow noopener" target="_blank">#иб</a> <a href="https://zhub.link/tags/%D0%B8%D0%BD%D1%84%D0%BE%D1%80%D0%BC%D0%B0%D1%86%D0%B8%D0%BE%D0%BD%D0%BD%D0%B0%D1%8F_%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D1%8C" class="mention hashtag" rel="nofollow noopener" target="_blank">#информационная_безопасность</a> <a href="https://zhub.link/tags/SOC%D0%B0%D0%BD%D0%B0%D0%BB%D0%B8%D1%82%D0%B8%D0%BA" class="mention hashtag" rel="nofollow noopener" target="_blank">#SOCаналитик</a> <a href="https://zhub.link/tags/%D0%BF%D0%B5%D0%BD%D1%82%D0%B5%D1%81%D1%82%D0%B5%D1%80" class="mention hashtag" rel="nofollow noopener" target="_blank">#пентестер</a> <a href="https://zhub.link/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devsecops</a> <a href="https://zhub.link/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#appsec</a> <a href="https://zhub.link/tags/compliance" class="mention hashtag" rel="nofollow noopener" target="_blank">#compliance</a>

anchoreFind license landmines before they find you. Grant 0.3.0 flags "no-license" by default + turns policy into plain English. Faster, stricter, simpler.🔗 <a href="https://anchore.com/blog/grants-release-0-3-0-smarter-policies-faster-scans-and-simpler-compliance/" rel="nofollow noopener" translate="no" target="_blank">https://anchore.com/blog/grants-release-0-3-0-smarter-policies-faster-scans-and-simpler-compliance/</a><a href="https://mstdn.business/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://mstdn.business/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> <a href="https://mstdn.business/tags/Compliance" class="mention hashtag" rel="nofollow noopener" target="_blank">#Compliance</a> <a href="https://mstdn.business/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a>

TechnoTenshi :verified_trans: :Fire_Lesbian:Over 40 NPM packages, including the widely used <a href="https://infosec.exchange/@ctrl" class="u-url mention" rel="nofollow noopener" target="_blank">@ctrl</a>/tinycolor, were compromised in a supply chain attack that harvests cloud credentials and persists via GitHub Actions backdoors. The malware self-propagates by infecting other packages maintained by compromised authors.<a href="https://www.stepsecurity.io/blog/ctrl-tinycolor-and-40-npm-packages-compromised" rel="nofollow noopener" translate="no" target="_blank">https://www.stepsecurity.io/blog/ctrl-tinycolor-and-40-npm-packages-compromised</a><a href="https://infosec.exchange/tags/SupplyChainAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainAttack</a> <a href="https://infosec.exchange/tags/NpmSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#NpmSecurity</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://infosec.exchange/tags/InfosecNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfosecNews</a>

All Things Open🚀 NEW on We ❤️ Open Source 🚀SBOMs are the foundation of a more secure open source ecosystem. Alan Pope shows how Syft & Grype help you inventory & scan your software for vulnerabilities—fast, locally, and openly.<a href="https://allthingsopen.org/articles/sbom-open-source-security-syft-grype" rel="nofollow noopener" translate="no" target="_blank">https://allthingsopen.org/articles/sbom-open-source-security-syft-grype</a><a href="https://mastodon.social/tags/WeLoveOpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#WeLoveOpenSource</a> <a href="https://mastodon.social/tags/SBOM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SBOM</a> <a href="https://mastodon.social/tags/OpenSourceSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSourceSecurity</a> <a href="https://mastodon.social/tags/Syft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Syft</a> <a href="https://mastodon.social/tags/Grype" class="mention hashtag" rel="nofollow noopener" target="_blank">#Grype</a> <a href="https://mastodon.social/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#FOSS</a> <a href="https://mastodon.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://mastodon.social/tags/SecureByDesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecureByDesign</a>

GrypeIs your team struggling with one these dreaded acronyms: FedRAMP, PCI, HIPAA, NYDFS, or SOC 2? We feel you. That's why we partnered up with Chainguard to make compliance faster, easier and continuously enforceable. Join us on Sept 24 when we share best practices for integrating compliance in the SDLC. We will start with secure container images and automate policy enforcement to streamline ... <a href="https://events.chainguard.dev/02c6031d-d65b-417d-b62d-858f53c144f5/?utm_medium=referral&utm_source=anchore&utm_campaign=FY26-GL-LW-ChainguardxAnchoreWebinar2025" rel="nofollow noopener" translate="no" target="_blank">https://events.chainguard.dev/02c6031d-d65b-417d-b62d-858f53c144f5/?utm_medium=referral&utm_source=anchore&utm_campaign=FY26-GL-LW-ChainguardxAnchoreWebinar2025</a><a href="https://fosstodon.org/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://fosstodon.org/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> <a href="https://fosstodon.org/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://fosstodon.org/tags/Compliance" class="mention hashtag" rel="nofollow noopener" target="_blank">#Compliance</a> <a href="https://fosstodon.org/tags/Chainguard" class="mention hashtag" rel="nofollow noopener" target="_blank">#Chainguard</a> <a href="https://fosstodon.org/tags/Anchore" class="mention hashtag" rel="nofollow noopener" target="_blank">#Anchore</a>

anchoreThe <a href="https://fosstodon.org/@syft" class="u-url mention" rel="nofollow noopener" target="_blank">@syft</a> & <a href="https://fosstodon.org/@grype" class="u-url mention" rel="nofollow noopener" target="_blank">@grype</a> projects combined have hit 40 million downloads!A massive thank you to the open source community for trusting us to secure their software supply chains.<a href="https://mstdn.business/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://mstdn.business/tags/SBOM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SBOM</a> <a href="https://mstdn.business/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://anchore.com/opensource" rel="nofollow noopener" translate="no" target="_blank">https://anchore.com/opensource</a>

knoppixCISA warns of active exploits targeting a Git flaw (CVE-2025-48384) enabling arbitrary code execution via malicious submodules 🧠 Git mishandles \r in config files—attackers can hijack machines when users clone tainted repos ⚠️ Patch deadline for U.S. agencies: Sept 15 ⏳ Fixes available in Git 2.43.7+ 🔧Also added: Citrix Session Recording RCE & privilege escalation bugs 🖥️<a href="https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-git-code-execution-flaw/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-git-code-execution-flaw/</a><a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/Git" class="mention hashtag" rel="nofollow noopener" target="_blank">#Git</a> <a href="https://mastodon.social/tags/CISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISA</a> <a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://mastodon.social/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#ZeroDay</a> <a href="https://mastodon.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://mastodon.social/tags/Code" class="mention hashtag" rel="nofollow noopener" target="_blank">#Code</a> <a href="https://mastodon.social/tags/Citrix" class="mention hashtag" rel="nofollow noopener" target="_blank">#Citrix</a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE</a>

:awesome:🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉🚨 Supply chain attack hits Nx NPM package with 4.6M weekly downloads! Malicious updates exploited AI CLI tools to steal developer secrets like SSH keys & tokens, exposing sensitive data in public GitHub repos. Devs urged to audit accounts & revoke creds ASAP. More info: <a href="https://cyberinsider.com/supply-chain-attack-hits-nx-npm-package-with-4-6m-weekly-downloads/" rel="nofollow noopener" translate="no" target="_blank">https://cyberinsider.com/supply-chain-attack-hits-nx-npm-package-with-4-6m-weekly-downloads/</a> <a href="https://mas.to/tags/SupplyChainAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainAttack</a> <a href="https://mas.to/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://mas.to/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a> <a href="https://mas.to/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener" target="_blank">#newz</a>

Recent searches

Search options

Administered by:

Server stats:

#devsecops