PyPI dodges a bullet, Google domains hijacked, CISA broke into a US federal agency, and more!
Risks in dependency managers, ChatGPT stores history in clear-text, CI/CD Attacks Everywhere, Secure Software Development Education 2024 Survey
New CVE rules, AI catastrophe, critical CocoaPods flaws, GitLab pipeline bug, OpenSSH vulnerability, unsafe Ruby deserialization, Maven Central bandwidth issues
Google Project Zero: offensive security with LLMs, Data leak @ Apple, polyfill.io supply chain attack, AI Vulnerabilities
Understanding the GitHub Security Advisory Database: A Must-Know for Open-Source Developers and Consumers
CISO & Investor conflict of interest, Career Growth, npm was vulnerable to what?!?, 75% of organizations experienced supply chain attacks
Exposed secrets everywhere! Offensive CI/CD Techniques, Common Misconceptions in Vulnerability Management
Exposing Common Misconceptions about CVEs, NVD, KEV Catalog, and EPSS
How good are LLMs at patching vulnerabilities? GitHub Artifact Attestations, MegaLinter, Malware distributed via StackOverflow
Stirring the pot, testing the top five AI Chatbots, using GitHub Actions for SOC2 Compliance, The Proactive Software Supply Chain Risk Management Framework
My take on transitive vulnerabilities, Pinning GitHub Actions, Ebury backdoor, Supply Chain Steganography, CVE Enrichment
20% of Docker Hub's repos host malicious content, OWASP Critique, and SCA Marketing Nonsense