Tag

security

Oldest Newest URL A-Z URL Z-A Title A-Z Title Z-A Random
Have I Been Pwned 2.0 is Now Live!
https://www.troyhunt.com/have-i-been-pwned-2-0-is-now-live/

This has been a very long time coming, but finally, after a marathon effort, the brand new Have I Been Pwned website is now live!

Feb last year is when I made the first commit to the public repo for the rebranded service, and we soft-launched the new brand in

 
cyber data breach import-20250527224135 passwords security
Added 3 months ago
A First Glimpse of the Starlink User Ternimal
https://www.darknavy.org/blog/a_first_glimpse_of_the_starlink_user_ternimal/
 
import-20250527224135 networking security
Added 3 months ago
Hardening GitHub Actions: Lessons from Recent Attacks | Wiz Blog
https://www.wiz.io/blog/github-actions-security-guide
 
actions github import-20250527224135 security
Added 3 months ago
CISA extends funding to ensure 'no lapse in critical CVE services'
https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/

CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program.

 
cyber import-20250527224135 management security vulnerability
Added 3 months ago
CVE Foundation
https://www.thecvefoundation.org/home

The Common Vulnerabilities and Exposures (CVE) Program has become the cornerstone of vulnerability management. Nearly all technology vendors and service providers identify vulnerabilities with CVEs when they publish security advisories. Most security products and services related to vulnerabilities

 
cyber import-20250527224135 management security vulnerability
Added 3 months ago
CVE program faces swift end after DHS fails to renew contract. Leaving security flaw tracking in limbo
https://www.csoonline.com/article/3963190/cve-program-faces-swift-end-after-dhs-fails-to-renew-contract-leaving-security-flaw-tracking-in-limbo.html

After DHS did not renew its funding contract for reasons unspecified, MITRE’s 25-year-old Common Vulnerabilities and Exposures (CVE) program was slated for an abrupt shutdown on April 16, which would have left security flaw tracking in limbo. CISA stepped in to provide a bridge.

 
cyber import-20250527224135 management security vulnerability
Added 3 months ago
The CVE program for tracking security flaws is about to lose federal funding
https://www.theverge.com/news/649314/cve-mitre-funding-vulnerabilities-exposures-funding

The federally funded organization behind the Common Vulnerabilities and Exposures (CVE) program confirmed that its contract to support the system will expire on April 16th.

 
cyber import-20250527224135 security
Added 3 months ago
Enhancing your DevSecOps with Wazuh. The open source XDR platform
https://www.bleepingcomputer.com/news/security/enhancing-your-devsecops-with-wazuh-the-open-source-xdr-platform/

Security shouldn't wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline—powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle.

 
cicd cyber devsecops import-20250527224135 security siem
Added 3 months ago
Frida Penetration Testing Tool Kit Released With New APIs for Threat Monitoring
https://search.app/1yiQn4N9PWiF9ZtL8

Frida 16.7.0, the latest version of the popular dynamic instrumentation toolkit, has been released with powerful new APIs specifically.

 
automation cyber import-20250527224135 pentest security testing
Added 3 months ago
The “S” in MCP Stands for Security
https://elenacross7.medium.com/%EF%B8%8F-the-s-in-mcp-stands-for-security-91407b33ed6b
 
ai cyber import-20250527224135 security
Added 3 months ago
Google launches Sec-Gemini v1. A new experimental cybersecurity model
https://security.googleblog.com/2025/04/google-launches-sec-gemini-v1-new.html?m=1
 
ai cyber import-20250527224135 security
Added 3 months ago
CodeQLEAKED – Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL
https://www.praetorian.com/blog/codeqleaked-public-secrets-exposure-leads-to-supply-chain-attack-on-github-codeql/

An exposed GitHub token could have been used to launch a supply chain attack on GitHub CodeQL, resulting in source code exposure and repository tampering of CodeQL users.

 
cyber github import-20250527224135 secrets security
Added 3 months ago
Remote Code Execution Vulnerabilities in Ingress NGINX | Wiz Blog
https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
 
cyber import-20250527224135 ingress k8s security vulnerability
Added 3 months ago
https://cybernews.com/security/troy-hunt-falls-victim-to-phishing-attack/
https://cybernews.com/security/troy-hunt-falls-victim-to-phishing-attack/
 
cyber import-20250527224135 phishing security
Added 3 months ago
reviewdog/action-setup
https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup
 
actions github import-20250527224135 security supply chain
Added 3 months ago
GitHub Actions now supports a digest for validating your artifacts at runtime - GitHub Changelog
https://github.blog/changelog/2025-03-18-github-actions-now-supports-a-digest-for-validating-your-artifacts-at-runtime/

Developers using upload-artifact and download-artifact in their Actions workflows can now ensure the integrity of their artifacts with the new SHA256 digest. This feature automatically verifies that the artifact uploaded…

 
import-20250527224135 security supply chain
Added 3 months ago
Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity
https://search.app/nz29ggeNi26oEF8q9
 
actions github import-20250527224135 open source security vulnerability
Added 3 months ago
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials - The GitHub Blog
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/

Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.

 
import-20250527224135 open source saml security sso vulnerability
Added 3 months ago
OpenSSF Announces Initial Release of the Open Source Project Security Baseline – Open Source Securit
https://openssf.org/press-release/2025/02/25/openssf-announces-initial-release-of-the-open-source-project-security-baseline/

The OpenSSF announces the Open Source Project Security Baseline (OSPS Baseline), a new framework to help open source projects enhance security through tiered best practices. Learn more about this initiative and how it aligns with global cybersecurity regulations.

 
import-20250527224135 open source security
Added 3 months ago
Recent improvements to Artifact Attestations - GitHub Changelog
https://github.blog/changelog/2025-02-18-recent-improvements-to-artifact-attestations/

We released a collection of improvements to Artifact Attestations to make the verification of attestations easier and more consistent. Artifact Attestations let you create provenance signatures, which provide an unforgeable…

 
github import-20250527224135 security supply chain
Added 3 months ago
Paul Butler – Smuggling arbitrary data through an emoji
https://paulbutler.org/2025/smuggling-arbitrary-data-through-an-emoji/
 
cyber import-20250527224135 security vulnerability
Added 3 months ago
splunk/DECEIVE
https://github.com/splunk/DECEIVE

DECeption with Evaluative Integrated Validation Engine (DECEIVE): Let an LLM do all the hard honeypot work! - splunk/DECEIVE

 
ai cyber import-20250527224135 llm open source security tools
Added 3 months ago
https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog
https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog
 
cyber import-20250527224135 security ssh
Added 3 months ago
operational pgp - draft
https://gist.github.com/grugq/03167bed45e774551155#file-gistfile1-md

operational pgp - draft. GitHub Gist: instantly share code, notes, and snippets.

 
email encryption gnupg import-20250527224135 security
Added 3 months ago