Security Tip: Don't trust every container image in your registry. 🛡️ While scanning for known CVEs is vital, image signing ensures provenance. It proves that the image in production is the one your CI/CD pipeline actually built. Without it, you're vulnerable to registry-level tampering. Track vulnerabilities and stay ahead of threats: https://cvedatabase.com #InfoSec #ContainerSecurity #AppSec #CyberSecurity #CVE

I published a responsible disclosure case study on authorization failures, identity exposure indicators, and enterprise trust-boundary risks.

No exploit dumps. No credentials. No sensitive infrastructure details. Just lessons on secure design, identity risk, and governance.

Medium: https://medium.com/p/af7f9c24585c
Substack: https://trustboundarylab.substack.com/p/responsible-disclosure-case-study

#Cybersecurity #AppSec #OWASP #OSINT #SIPEF #Agriculture #ÁVH

Open source malicious package detections went from 20,000 a day to 100,000 in twelve months🤯

Aikido Security has been watching and building for exactly this.

Proud to have them as a Gold Sponsor for this year!

https://www.aikido.dev/?utm_source=appsec-village&utm_medium=referral&utm_campaign=appsec-village-sponsorship

#AppSec #SupplyChainSecurity

5,000 vibe-coded apps exposed, and the parallel with the misconfigured S3 buckets of the early cloud days is striking. Each new wave of tools generates its own wave of attack surface. AI lowers the barrier to creation, but not yet to securing what gets created. The next job starts there. ☕ #infosec #ShadowAI #AppSec
https://venturebeat.com/security/vibe-coded-apps-shadow-ai-s3-bucket-crisis-ciso-audit-framework

Fix the damn software #swsec #appsec #MLsec

"Those vulnerabilities have been fixed, and will never again be available to attackers. In the future, AIs automatically finding and fixing vulnerabilities in all software will be a normal part of the development process, which will result in much more secure software."

https://www.theguardian.com/commentisfree/2026/may/08/how-dangerous-is-anthropics-mythos-ai

🚨 Keynote Speaker Alert! 🚨
Gadi Evron, Founder & CEO of Knostic, joins Global AppSec Vienna 2026 with his keynote: “We Live in the Future: The Death and Rebirth of Application Security.”

https://owasp.glueup.com/event/owasp-global-appsec-eu-2026-vienna-austria-162243/home.html

A must-see session on the future of AppSec, AI, and cybersecurity. #OWASP #AppSec

A great day 1 at DEVWorld Amsterdam is in the books! If you're attending on Friday, stop by our booth and let's talk about how Doyensec can help your team Build With Security!

#doyensec #appsec #security #devworld #devworldconference

A huge thank you to Chainguard for their support of AppSec Village as a Gold Sponsor this year.

The work they're doing to secure the software supply chain matters - and we're glad to have them in the village! 💙

Find out more: https://images.chainguard.dev/?utm_medium=event&utm_source=AppSec&utm_campaign=FY27-AMER-STE-RSA2026-AppSec%20Village

#sponsorship #sponsorshoutout #goldsponsor #appsec

The App Defense Alliance has launched its certified products portal, debuting with 45 independently verified mobile applications.

Developers get a streamlined path to certification. Platforms and enterprises get a more consistent basis for evaluating application security.

Learn more: https://www.linuxfoundation.org/press/app-defense-alliance-launches-certified-products-portal

#AppSec #Cybersecurity
