security
The OpenSSF announces the Open Source Project Security Baseline (OSPS Baseline), a new framework to help open source projects enhance security through tiered best practices. Learn more about this initiative and how it aligns with global cybersecurity regulations.
We released a collection of improvements to Artifact Attestations to make the verification of attestations easier and more consistent. Artifact Attestations let you create provenance signatures, which provide an unforgeable…
DECeption with Evaluative Integrated Validation Engine (DECEIVE): Let an LLM do all the hard honeypot work! - splunk/DECEIVE
operational pgp - draft. GitHub Gist: instantly share code, notes, and snippets.
Community guide to using YubiKey for GnuPG and SSH - protect secrets with hardware crypto. - drduh/YubiKey-Guide
Introduction Hello, I’m RyotaK (@ryotkak), a security engineer at Flatt Security Inc. A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt on my router. After accessing the LuCI, which is the web interface of OpenWrt, I noticed that there is a section called Attended Sysupgrade, so I tried to upgrade the firmware using it. After reading the description, I found that it states it builds new firmware using an online service.
AWS introduces a new service to streamline security event response, providing automated triage, coordinated communication, and expert guidance to recover from cybersecurity threats.
The warning is a rare admission from the FBI about the threat from fake emergency data requests submitted by hackers with access to police email accounts.
Google’s Project Zero hackers and DeepMind boffins have collaborated to uncover a zero-day security vulnerability in real-world code for the first time using AI.
Welcome back to Week in Review. This week, we're coming at you right off the heels of TechCrunch Disrupt! If you missed it, we’re highlighting
Free domain research tool to discover hosts related to a domain. Find visible hosts from the attacker's perspective for Red and Blue Teams.
Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.
The long-awaited law, if passed, will be Australia’s first standalone cyber security act.
Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls.
Evolving threats require security solutions that match the sophistication of modern threats. Learn more about how Wazuh, the open-source XDR and SIEM, tackles these threats.
No patches yet, can be mitigated, requires user interaction
Critical unauthenticated RCE flaw; no CVE identifiers have been assigned yet, although experts suggest there should be at least three to six.