security
Remote Code Execution Vulnerabilities in Ingress NGINX | Wiz Blog
https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
Added 5 months ago
https://cybernews.com/security/troy-hunt-falls-victim-to-phishing-attack/
https://cybernews.com/security/troy-hunt-falls-victim-to-phishing-attack/
Added 5 months ago
reviewdog/action-setup
https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup
Added 5 months ago
GitHub Actions now supports a digest for validating your artifacts at runtime - GitHub Changelog
https://github.blog/changelog/2025-03-18-github-actions-now-supports-a-digest-for-validating-your-artifacts-at-runtime/
Added 5 months ago
Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity
https://search.app/nz29ggeNi26oEF8q9
Added 5 months ago
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials - The GitHub Blog
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/
Added 5 months ago
OpenSSF Announces Initial Release of the Open Source Project Security Baseline – Open Source Securit
https://openssf.org/press-release/2025/02/25/openssf-announces-initial-release-of-the-open-source-project-security-baseline/
Added 5 months ago
Recent improvements to Artifact Attestations - GitHub Changelog
https://github.blog/changelog/2025-02-18-recent-improvements-to-artifact-attestations/
Added 5 months ago
Paul Butler – Smuggling arbitrary data through an emoji
https://paulbutler.org/2025/smuggling-arbitrary-data-through-an-emoji/
Added 5 months ago
https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog
https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog
Added 5 months ago
operational pgp - draft
https://gist.github.com/grugq/03167bed45e774551155#file-gistfile1-md
Added 5 months ago
GitHub - drduh/YubiKey-Guide: Guide to using YubiKey for GnuPG and SSH
https://github.com/drduh/YubiKey-Guide
Added 5 months ago
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Secu
https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/
Added 5 months ago
New AWS Security Incident Response helps organizations respond to and recover from security events |
https://aws.amazon.com/blogs/aws/new-aws-security-incident-response-helps-organizations-respond-to-and-recover-from-security-events/
Added 5 months ago
Google Online Security Blog: Safer with Google: New intelligent real-time protections on Android to
https://security.googleblog.com/2024/11/new-real-time-protections-on-Android.html?m=1
Added 5 months ago
FBI says hackers are sending fraudulent police data requests to tech giants to steal people's privat
https://techcrunch.com/2024/11/08/fbi-says-hackers-are-sending-fraudulent-police-data-requests-to-tech-giants-to-steal-peoples-private-information/?guccounter=1
Added 5 months ago
Google Claims World First As AI Finds 0-Day Security Vulnerability
https://www.forbes.com/sites/daveywinder/2024/11/04/google-claims-world-first-as-ai-finds-0-day-security-vulnerability/
Added 5 months ago
Why Wiz really turned down Google’s $23B offer | TechCrunch
https://techcrunch.com/2024/11/02/why-wiz-really-turned-down-googles-23b-offer/
Added 5 months ago
OpenSSF Adds Minder as a Sandbox Project to Simplify the Integration and Use of Open Source Security
https://openssf.org/blog/2024/10/28/openssf-adds-minder-as-a-sandbox-project-to-simplify-the-integration-and-use-of-open-source-security-tools/
Added 5 months ago
'Shift Left' Triggers Security Soul Searching
https://www.darkreading.com/application-security/shift-left-pushback-triggers-security-soul-searching
Added 5 months ago
Internet Archive hacked data breach impacts 31 million users
https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/
Added 5 months ago