security
Kali GPT, a specialized AI model built on GPT-4 architecture, has been specifically developed to integrate seamlessly with Kali Linux, offering unprecedented support for offensive security professionals and students alike.
Generate and verify signed attestations for anything you make with GitHub Actions.
This is a joint post with the Homebrew maintainers; read their announcement here! Last summer, we performed an audit of Homebrew. Our audit’s scope included Homebrew/brew itself (home of the brew CLI), and three adjacent repositories responsible for various security-relevant aspects of Homebrew’s operation: Homebrew/actions: a repository of custom GitHub Actions used […]
Raven is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities.
We discovered a serious vulnerability in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs used by the Transportation Security Administration.
Australian businesses are paying untold amounts in ransom to hackers but the government hopes to regain some control with a landmark cybersecurity law.
The new sudo-rs is meant to be a near drop-in replacement for sudo, but some of the less secure aspects of sudo will not be supported.
This is an open-source version of 'Security Training for Everyone', PagerDuty's internal employee security training, given to all PagerDuty employees as part of our annual security training program.
Security shouldn't wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline—powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle.
Google’s Project Zero hackers and DeepMind boffins have collaborated to uncover a zero-day security vulnerability in real-world code for the first time using AI.
Build a Proxmox Kubernetes cluster with Talos Linux. Uncover how to provision Talos Linux on Proxmox and discover the power of a tiny Linux OS with Kubernetes.
The long-awaited law, if passed, will be Australia’s first standalone cyber security act.
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more - prowler-cloud/prowler
In this post, we'll demonstrate querying the Amazon Redshift audit data logged in S3 to provide answers to common use cases described preceding.
Nuclei is a fast and customizable open-source vulnerability scanner powered by YAML-based templates. With its flexible templating system, Nuclei can be
The following 20 pages were the most viewed AWS Identity and Access Management (IAM) documentation pages in 2017. I have included a brief description with each link to explain what each page covers. Use this list to see what other AWS customers have been viewing and perhaps to pique your own interest in a topic you’ve […]
A description of each security header, why it is important, and how to configure your website in a secure way.