Only have one day to train? Make it count.
Join us on at OWASP Global AppSec USA 2025 in Washington, D.C. for a full day of expert-led, hands-on security training.
Whether you're a builder, breaker, defender, or manager, there's a course to help you go deeper.
How do global tech organizations identify and close their tech teams' cybersecurity skill gaps?
They use the Cybersecurity Skills Framework — built for technical roles.
DevOps, SREs, AppDev, Architects and more Skills mapped to each role and experience level Practical, customizable, easy
Watch our on-demand webinar, "Cybersecurity Skills: A Framework That Works," to learn more: https://training.linuxfoundation.org/resources/webinars/cybersecurity-skills-framework-webinar/
Heads up, developers! A major npm Registry security breach has compromised 847 packages. Social engineering gave attackers access to maintainer accounts. Stay vigilant!
#Cybersecurity #DevSecOps #npm
Leaked and Loaded: DOGE’s API Key Crisis
One leaked API key exposed 52 private LLMs and potentially sensitive systems across SpaceX, Twitter, and even the U.S. Treasury.
In this episode of Cyberside Chats, @sherridavidoff and @MDurrin break down the DOGE/XAI API key leak. They share how it happened, why key management is a growing threat, and what you should do to protect your organization from similar risks.
Watch the video: https://youtu.be/Lnn225XlIc4
Listen to the podcast: https://www.chatcyberside.com/e/api-key-catastrophe-when-secrets-get-leaked/
Securing #PowerShell 7? Start here.
At #PSConfEU 2025, Anam Navied showed:
Full vs Constrained Language Modes
Lockdown with AppLocker & WDAC
Runtime script trust checks
Secure-by-default PowerShell setups
psconf.eu
#Security #DevSecOps
- YouTube
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“Security is Everybody’s Job”
https://twp.ai/4ion6e
SecretSpec offers a new declarative approach to secrets management, enabling one spec to work across local dev, CI/CD, and production with different providers, all without changing app code. Not a paid promotion or endorsement.
Making security and development co-owners of DevSecOps https://www.helpnetsecurity.com/2025/07/18/galal-ibrahim-maghola-devsecops-practices-tips/ #Artificialintelligence #cybersecurity #automation #compliance #G42Company #Don'tmiss #DevSecOps #Features #Hotstuff #News
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“DevSecOps with OWASP DevSlop” https://twp.ai/4iofNZ
New Open-Source Tool Spotlight
Grype is a vulnerability scanner for container images and filesystems. It supports various sources like Docker images, SBOMs, and directories, detecting known vulnerabilities rapidly. Integrates well with CI pipelines. #CyberSecurity #DevSecOps
Project link on #GitHub 
https://github.com/anchore/grype
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— 
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 
Have you heard? I'm giving my workshop "Secure Development Lifecycle Applied - How to Make Things a Bit More Secure than Yesterday Every Day" at NDC Porto this year! Super excited to experience this conference, share and learn with folks. 
FOKS launches as a federated, end-to-end post-quantum encrypted Git and KV hosting tool, with support for YubiKeys, team management, and privacy-preserving metadata. Fully open-source and bootstrapped.
Helm v3.18.3 and earlier are vulnerable to local code execution via a crafted Chart.yaml and symlinked Chart.lock. Exploit occurs during dependency updates. Patched in v3.18.4.
https://github.com/helm/helm/security/advisories/GHSA-557j-xg8c-q2mm
A malicious pull request infected 6,000+ GitHub repositories with hidden malware. Open-source supply chains are under attack—review code carefully!
#DevSecOps #SupplyChainAttack 
https://thehackernews.com/2025/07/malicious-pull-request-infects-6000.html
A critical Linux vulnerability (CVE-2025-32463) in Sudo lets any local unprivileged user gain root via the --chroot (-R) option
Affects default configs on Ubuntu, Fedora & others — no Sudo rules needed
Fix: Update to Sudo 1.9.17p1+ (no workarounds)
CVSS: 9.8 (Critical)
Highlights persistent risks in open-source privilege handling 
https://cybersecuritynews.com/linux-sudo-chroot-vulnerability/
MCP: AI’s Foundational Agent Protocol is Riddled with Critical Security Flaws
Noch nie von #CWE-22, CWE-377, CWE-778 gehört? Dann könnte dein nächster Datei-Upload in #Java zur Sicherheitslücke werden.
@svenruppert hat praktische Abhilfe parat.
Jetzt absichern: https://javapro.io/de/erstellen-einer-einfachen-datei-up-download-anwendung-mit-vaadin-flow/
Healthcare CISOs must secure more than what’s regulated https://www.helpnetsecurity.com/2025/07/03/henry-jiang-ensora-health-healthcare-devsecops-strategy/ #cybersecurity #EnsoraHealth #automation #healthcare #regulation #Don'tmiss #DevSecOps #Features #Hotstuff #strategy #News #CISO
Das Ding ist sooooo on-point.
