Links
Read how Google is using System Theoretic Process Analysis (STPA) to analyze pure software systems and discover risks.
It turns out that professionals are keenly interested in learning new skills (which makes us deliriously happy). And learning tends to spike in January, as people start the year focused on building new habits.
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
jless | plaintextsports.com
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been…
Since its founding, the Sysdig Threat Research Team (TRT) has been committed to making the world a safer, more informed place. Upholding this commitment
Google announced its intent to acquire cloud security company Wiz in March and the deal is now on track to close in early 2026.
The examples use off-the-shelf commercial technologies, giving organizations valuable starting points
Critical Unauthenticated RCE Flaw: no CVE identifiers have been assigned yet, although experts suggest there should be at least three to six.
A TTS model capable of generating ultra-realistic dialogue in one pass. - nari-labs/dia
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deployments). If you are an Entra ID admin reading this, yes that means complete access to your tenant. The vulnerability consisted of two components: undocumented impersonation tokens that Microsoft uses in their backend for service-to-service (S2S) communication, called “Actor tokens”, and a critical vulnerability in the (legacy) Azure AD Graph API that did not properly validate the originating tenant, allowing these tokens to be used for cross-tenant access.
While no hard plans were revealed at the Red Hat Summit, it's clear that Red Hat's DevOps and HashiCorp's IaC programs will end up working together.
Minesweeper is a new technique for automating root cause analysis (RCA) that identifies the causes of bugs based on their symptoms.
The CloudFlare outage was a good thing. GitHub Gist: instantly share code, notes, and snippets.
Discover all apps and their users using our free Shadow IT Scanner for Google Workspace and Microsoft 365.
DECeption with Evaluative Integrated Validation Engine (DECEIVE): Let an LLM do all the hard honeypot work! - splunk/DECEIVE