security
The CVE program for tracking security flaws is about to lose federal funding
https://www.theverge.com/news/649314/cve-mitre-funding-vulnerabilities-exposures-funding
The federally funded organization behind the Common Vulnerabilities and Exposures (CVE) program confirmed that its contract to support the system will expire on April 16th.
Added 1 month ago
Enhancing your DevSecOps with Wazuh. The open source XDR platform
https://www.bleepingcomputer.com/news/security/enhancing-your-devsecops-with-wazuh-the-open-source-xdr-platform/
Security shouldn't wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline—powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle.
Frida Penetration Testing Tool Kit Released With New APIs for Threat Monitoring
https://search.app/1yiQn4N9PWiF9ZtL8
Frida 16.7.0, the latest version of the popular dynamic instrumentation toolkit, has been released with powerful new APIs specifically.
Added 1 month ago
The “S” in MCP Stands for Security
https://elenacross7.medium.com/%EF%B8%8F-the-s-in-mcp-stands-for-security-91407b33ed6b
Added 1 month ago
Google launches Sec-Gemini v1. A new experimental cybersecurity model
https://security.googleblog.com/2025/04/google-launches-sec-gemini-v1-new.html?m=1
Added 1 month ago
CodeQLEAKED – Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL
https://www.praetorian.com/blog/codeqleaked-public-secrets-exposure-leads-to-supply-chain-attack-on-github-codeql/
An exposed GitHub token could have been used to launch a supply chain attack on GitHub CodeQL, resulting in source code exposure and repository tampering of CodeQL users.
Added 1 month ago
Remote Code Execution Vulnerabilities in Ingress NGINX | Wiz Blog
https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
Added 1 month ago
https://cybernews.com/security/troy-hunt-falls-victim-to-phishing-attack/
Added 1 month ago
reviewdog/action-setup
https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup
Added 1 month ago
GitHub Actions now supports a digest for validating your artifacts at runtime - GitHub Changelog
https://github.blog/changelog/2025-03-18-github-actions-now-supports-a-digest-for-validating-your-artifacts-at-runtime/
Developers using upload-artifact and download-artifact in their Actions workflows can now ensure the integrity of their artifacts with the new SHA256 digest. This feature automatically verifies that the artifact uploaded…
Added 1 month ago
Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity
https://search.app/nz29ggeNi26oEF8q9
Added 1 month ago
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials - The GitHub Blog
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/
Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.
Added 1 month ago
OpenSSF Announces Initial Release of the Open Source Project Security Baseline – Open Source Securit
https://openssf.org/press-release/2025/02/25/openssf-announces-initial-release-of-the-open-source-project-security-baseline/
The OpenSSF announces the Open Source Project Security Baseline (OSPS Baseline), a new framework to help open source projects enhance security through tiered best practices. Learn more about this initiative and how it aligns with global cybersecurity regulations.
Added 1 month ago
Recent improvements to Artifact Attestations - GitHub Changelog
https://github.blog/changelog/2025-02-18-recent-improvements-to-artifact-attestations/
We released a collection of improvements to Artifact Attestations to make the verification of attestations easier and more consistent. Artifact Attestations let you create provenance signatures, which provide an unforgeable…
Added 1 month ago
Paul Butler – Smuggling arbitrary data through an emoji
https://paulbutler.org/2025/smuggling-arbitrary-data-through-an-emoji/
Added 1 month ago
splunk/DECEIVE
https://github.com/splunk/DECEIVE
DECeption with Evaluative Integrated Validation Engine (DECEIVE): Let an LLM do all the hard honeypot work! - splunk/DECEIVE
Added 1 month ago
https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog
Added 1 month ago
operational pgp - draft
https://gist.github.com/grugq/03167bed45e774551155#file-gistfile1-md
operational pgp - draft. GitHub Gist: instantly share code, notes, and snippets.
Added 1 month ago
GitHub - drduh/YubiKey-Guide: Guide to using YubiKey for GnuPG and SSH
https://github.com/drduh/YubiKey-Guide
Community guide to using YubiKey for GnuPG and SSH - protect secrets with hardware crypto. - drduh/YubiKey-Guide
Added 1 month ago
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Secu
https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/
Introduction
Hello, I’m RyotaK (@ryotkak), a security engineer at Flatt Security Inc.
A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt on my router. After accessing LuCI, which is the web interface of OpenWrt, I noticed that there is a section called Attended Sysupgrade, so I tried to upgrade the firmware using it.
After reading the description, I found that it states it builds new firmware using an online service.
Added 1 month ago
New AWS Security Incident Response helps organizations respond to and recover from security events |
https://aws.amazon.com/blogs/aws/new-aws-security-incident-response-helps-organizations-respond-to-and-recover-from-security-events/
AWS introduces a new service to streamline security event response, providing automated triage, coordinated communication, and expert guidance to recover from cybersecurity threats.
Added 1 month ago
Google Online Security Blog: Safer with Google: New intelligent real-time protections on Android to
https://security.googleblog.com/2024/11/new-real-time-protections-on-Android.html?m=1
Added 1 month ago
FBI says hackers are sending fraudulent police data requests to tech giants to steal people's privat
https://techcrunch.com/2024/11/08/fbi-says-hackers-are-sending-fraudulent-police-data-requests-to-tech-giants-to-steal-peoples-private-information/?guccounter=1
The warning is a rare admission from the FBI about the threat from fake emergency data requests submitted by hackers with access to police email accounts.
Added 1 month ago