ChiefGyk3DMay 25

Want to build more secure apps? 💻 Security engineers are shifting left and integrating checks into your CI/CD pipeline. Learn about tools like Trivy, SonarQube, and Dependabot in this quick #shorts! Check it out! #SecurityEngineer #CICD #DevSec

https://www.youtube.com/watch?v=Sqi4_LIo3qU

lobo May 21
The #DevSec, #AppSec team is absolutely f***ed with this whole LLM/AI landscape. No joke! I’m not even exaggerating.
ChiefGyk3DApr 3

AI's changing how we build apps, but are they safe? 😬 Developers, are you skipping security steps? This short dives into why expert oversight is key to avoiding vulnerabilities like hard-coded passwords. New video – check it out! #AIsecurity #SoftwareSecurity #DevSec

https://www.youtube.com/watch?v=DcwHnRlZvTQ

JamesMar 26
LiteLLM supply chain attack: 97M monthly downloads, one malicious update, every secret stolen. The library helps AI apps connect to different models, so when hackers poisoned it, the damage spread to countless dependent projects. This is why we isolate our Python environments. #AISupplyChain #CyberSecurity #PythonSecurity #DevSec #AITools
Hackread.comDec 18

NEW: Developers, crypto users, and job seekers beware - North Korea’s Lazarus Group is deploying a new #BeaverTail variant to steal credentials and crypto via fake job offers, dev tools and smart contracts.

Read: https://hackread.com/lazarus-embed-beavertail-variant-developer-tools/

#CyberSecurity #Lazarus #NorthKorea #DevSec #InfoStealer

Lazarus Group Embed New BeaverTail Variant in Developer Tools

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

shibayashiSep 30, 2025
Moin von der #heise #devSec 2025 in #Regensburg.
EpiphytJul 16, 2025

Aufgrund einer fehlenden Prüfung auf den Dateityp war es in Form Block möglich, jede Art von Datei hochzuladen, indem man dem Server eine falsche Information über den Dateityp mitgab. Dieses Problem ist mit Form Block 1.5.6 behoben, ein Update wird empfohlen.

[…]

https://epiph.yt/blog/2025/beliebiger-datei-upload-in-form-block-1-5-6-behoben/

#DevSec #FormBlock #Plugin #Sicherheit #Update #WordPress

Beliebiger Datei-Upload in Form Block 1.5.6 behoben | Epiphyt

Aufgrund einer fehlenden Prüfung auf den Dateityp war es in Form Block möglich, beliebige Dateien hochzuladen. Das ist mit Form Block 1.5.6 behoben.

Epiphyt
EpiphytJul 16, 2025

Due to a missing file type check, it was possible to upload files of any type in Form Block, just by telling the server that it is a different type. This has been fixed in Form Block 1.5.6, updating is highly recommended.

[…]

https://epiph.yt/en/blog/2025/fixing-arbitrary-file-upload-in-form-block-1-5-6/

#DevSec #FormBlock #Plugin #Security #Update #WordPress

Fixing arbitrary file upload in Form Block 1.5.6 | Epiphyt

Due to a missing file type check, it was possible to upload files of any type in Form Block, just by telling the server that it is a different type. This has been fixed in Form Block 1.5.6…

Epiphyt
guisso May 29, 2025
Criei um labzinho de desenvolvimento seguro espefico para uma linguagem e vulnerabilidade que estava pegando aqui com os devs, tem td um passo a passo, quem quiser. #js #appsec #devsec #learn https://github.com/fguisso/backoffice-balm
Alex BMay 26, 2025

🛡️ ¿Tu app está en internet? Ya puede estar en Shodan.

Antes de escanear, un atacante recolecta. Aprende cómo funciona el OSINT y qué info estás regalando sin saberlo.

Checklist + herramientas básicas para devs → https://greyhat.cl/posts/osint-para-desarrolladores-como-piensan-los-atacantes-antes-de-escanear-tu-app

#OSINT #Ciberseguridad #DevSec #DesarrolloSeguro #Greyhat

OSINT para desarrolladores: cómo piensan los atacantes antes de escanear tu app

Antes de lanzar un ataque, un atacante se detiene a observar. Recolecta piezas sueltas de información, como quien arma un mapa antes de invadir un territorio. Eso es OSINT (Open Source Intelligence...