security
GitHub - Forceu/Gokapi: Lightweight selfhosted Firefox Send alternative without public upload. AWS S3 supported.
https://github.com/Forceu/Gokapi
Lightweight selfhosted Firefox Send alternative without public upload. AWS S3 supported. - Forceu/Gokapi
Added 3 days ago
@bagder.mastodon.social.ap.brid.gy on Bluesky
https://bsky.app/profile/bagder.mastodon.social.ap.brid.gy/post/3ltodxecunfy2
It has officially begun. The CRA info request counter is no longer at zero.
Added 5 days ago
China breaks RSA encryption with a quantum computer - Earth.com
https://www.earth.com/news/china-breaks-rsa-encryption-with-a-quantum-computer-threatening-global-data-security/
Researchers in Shanghai break record by factoring 22-bit RSA key using quantum computing, threatening future cryptographic keys.
Added 3 weeks ago
Defending the Internet: how Cloudflare blocked a monumental 7.3 Tbps DDoS attack
https://blog.cloudflare.com/defending-the-internet-how-cloudflare-blocked-a-monumental-7-3-tbps-ddos/
In mid-May 2025, Cloudflare blocked the largest DDoS attack ever recorded: a staggering 7.3 terabits per second (Tbps).
Added 3 weeks ago
Dangerous by default: Insecure GitHub Actions found in MITRE, Splunk, and other open source repositories | Sysdig
https://sysdig.com/blog/insecure-github-actions-found-in-mitre-splunk-and-other-open-source-repositories/
Since its founding, the Sysdig Threat Research Team (TRT) has been committed to making the world a safer, more informed place. Upholding this commitment
Google Online Security Blog: On Fire Drills and Phishing Tests
https://security.googleblog.com/2024/05/on-fire-drills-and-phishing-tests.html
Frequent reauth doesn't make you more secure
https://tailscale.com/blog/frequent-reath-security
Securely connect to anything on the internet with Tailscale. Built on WireGuard®️, Tailscale enables you to make finely configurable connections, secured end-to-end according to zero trust principles, between any resources on any infrastructure.
Added 1 month ago
Scammers impersonating the ASD's ACSC | Cyber.gov.au
https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/email-scammers-impersonating-asds-acsc
Scammers are impersonating the ASD's ACSC sending out phishing emails to the public with the email content suggesting to download a malicious antivirus program.
Ubuntu 25.10 Replaces sudo With a Rust-Based Equivalent - The New Stack
https://thenewstack.io/ubuntu-25-10-replaces-sudo-with-a-rust-based-equivalent/
The new sudo-rs is meant to be a near drop-in replacement for sudo, but some of the less secure aspects of sudo will not be supported.
Added 1 month ago
Designing Blue Team playbooks with Wazuh for proactive incident response
https://www.bleepingcomputer.com/news/security/designing-blue-team-playbooks-with-wazuh-for-proactive-incident-response/
Blue Team playbooks are essential—but tools like Wazuh take them to the next level. From credential dumping to web shells and brute-force attacks, see how Wazuh strengthens real-time detection and automated response.
Kali GPT- AI Assistant That Transforms Penetration Testing on Kali Linux
https://cybersecuritynews.com/kali-gpt/
Kali GPT, a specialized AI model built on GPT-4 architecture, has been specifically developed to integrate seamlessly with Kali Linux, offering unprecedented support for offensive security professionals and students alike.
Covert Web-to-App Tracking via Localhost on Android
https://localmess.github.io/
Facebook and Yandex link Web and App usage via a localhost network connection
This no-code, security-focused n8n alternative works with everything, and it's free
https://www.xda-developers.com/cloud-based-n8n-alternative/
Tines is worth trying out for a fully cloud-based, secure solution to automation.
Added 1 month ago
Using artifact attestations to establish provenance for builds - GitHub Docs
https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds#verifying-artifact-attestations-with-the-github-cli
Added 1 month ago
GitHub - OperantAI/woodpecker: Red Teaming for AI and Cloud
https://github.com/OperantAI/woodpecker
Red Teaming for AI and Cloud. Contribute to OperantAI/woodpecker development by creating an account on GitHub.
Securing CI/CD workflows with Wazuh
https://thehackernews.com/2025/05/securing-cicd-workflows-with-wazuh.html?m=1
Added 1 month ago
ASD releases joint advice on AI data security – ARN
https://www.arnnet.com.au/article/3993677/asd-releases-joint-advice-on-ai-data-security.html
The Australian Securities Directorate (ASD), in collaboration with international partners, has come out with new advice on best practices for securing data throughout the artificial intelligence (AI) and machine learning (ML) system lifecycle.
Added 1 month ago
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS
https://krebsonsecurity.com/2025/05/krebsonsecurity-hit-with-near-record-6-3-tbps-ddos/
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been…
Added 1 month ago
Have I Been Pwned 2.0 is Now Live!
https://www.troyhunt.com/have-i-been-pwned-2-0-is-now-live/
This has been a very long time coming, but finally, after a marathon effort, the brand new Have I Been Pwned website is now live!
Feb last year is when I made the first commit to the public repo for the rebranded service, and we soft-launched the new brand in
Added 1 month ago
A First Glimpse of the Starlink User Ternimal
https://www.darknavy.org/blog/a_first_glimpse_of_the_starlink_user_ternimal/
Added 1 month ago
Hardening GitHub Actions: Lessons from Recent Attacks | Wiz Blog
https://www.wiz.io/blog/github-actions-security-guide
Added 1 month ago
CISA extends funding to ensure 'no lapse in critical CVE services'
https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/
CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program.
Added 1 month ago
CVE Foundation
https://www.thecvefoundation.org/home
The Common Vulnerabilities and Exposures (CVE) Program has become the cornerstone of vulnerability management. Nearly all technology vendors and service providers identify vulnerabilities with CVEs when they publish security advisories. Most security products and services related to vulnerabilities
Added 1 month ago
CVE program faces swift end after DHS fails to renew contract, leaving security flaw tracking in limbo
https://www.csoonline.com/article/3963190/cve-program-faces-swift-end-after-dhs-fails-to-renew-contract-leaving-security-flaw-tracking-in-limbo.html
After DHS did not renew its funding contract for reasons unspecified, MITRE’s 25-year-old Common Vulnerabilities and Exposures (CVE) program was slated for an abrupt shutdown on April 16, which would have left security flaw tracking in limbo. CISA stepped in to provide a bridge.
Added 1 month ago