#keycloak : How Projects Turned into a Competence Center and a Product
https://blog.inventage.com/blogs/keycloak-competence-center/
#inventage #iam
Keycloak: How Projects Turned into a Competence Center and a Product · Inventage

We have been using Keycloak for over ten years. Our Keycloak Competence Center and the product Uniport IAM grew out of that work.

Identity & Access Management (IAM) is more critical than ever. Check out our latest infographic highlighting the rise of passwordless authentication and its impact on security. Learn how leading healthcare organizations are adopting these trends to enhance security and compliance. #IAM #Passwordless #HealthcareTech #SecurityTrends

👋 New here. AWS security engineer in Paris, AWS Community Builder.

I write open-source AWS security tooling: IAM privilege-escalation path detection, S3 / EC2 / Lambda misconfiguration scanners, and a tracker that records every change to AWS managed IAM policies over time.

Also maintain LocalEmu, a free local AWS emulator for testing without touching real accounts or credentials.

Here to learn from this community and share what I find. 🔒

#InfoSec #CloudSecurity #AWS #IAM #opensource #devsecops

https://actionnetwork.org/petitions/support-fair-wages-for-the-workers-who-make-lewis-ginter-botanical-garden-thrive/

Please sign this petition to support fair wages/unionization efforts for garden workers!

The workers at the Botanical Garden here in #RVA voted to #unionize and are negotiating their contract. Garden leadership has been dragging their feet and engaging in regressive bargaining, so yesterday union members exercised their right to strike, called out, and picketed outside of the garden.

#union #petition #virginia #virginiapolitics #IAM #garden #botanicalgarden


🚨 The BSides Luxembourg 2026 keynote just dropped!

๐—ž๐—˜๐—ฌ๐—ก๐—ข๐—ง๐—˜: ๐—œ๐——๐—˜๐—ก๐—ง๐—œ๐—ง๐—ฌ ๐—ฆ๐—˜๐—–๐—จ๐—ฅ๐—œ๐—ง๐—ฌ ๐—๐—จ๐—ฆ๐—ง ๐—˜๐—ซ๐—ฃ๐—Ÿ๐—ข๐——๐—˜๐——

Watch @wendynather's keynote, recorded live at the Digital Learning Hub Luxembourg Hub during BSIDES LUXEMBOURG 2026.

👤 Wendy Nather
https://www.linkedin.com/in/wendynather/

🎥 Watch the full keynote:
https://archive.org/details/BSidesLuxembourg2026/d1+t1+02+Identity+Security+Just+Exploded+-+Wendy+Nather.mkv

#BSidesLuxembourg #IdentityManagement #CyberSecurity #IAM #DigitalIdentity #SecurityLeadership #DigitalLearningHub

🚨 Three Gitea/Gogs vulnerabilities just dropped, and one is a CVSS 9.8 authentication bypass.

If you self-host Gitea or Gogs, this is not a "patch later" situation:

⚠️ CVE-2026-20896: Gitea Docker auth bypass
Anyone can impersonate any user with one HTTP header: `X-WEBAUTH-USER: admin`

⚠️ CVE-2026-52807: Stored DOM XSS
A malicious milestone name can survive escaping and execute through Semantic UI.

⚠️ CVE-2026-22874: Webhook SSRF
Gitea webhooks can become a path to AWS IMDS, cloud credentials, S3, Secrets Manager, ECR, and full cloud privilege abuse.

Self-hosted Git platforms hold source code, CI/CD secrets, deploy keys, webhooks, tokens, and internal infrastructure access.

Your code. Your secrets. Their access.

Upgrade now:
Gitea 1.26.3+
Gogs 0.14.3+

Full technical breakdown 👇
https://thecybersecguru.com/news/cve-2026-20896-gitea-authentication-bypass-dom-xss-ssrf/

#Gitea #Gogs #CyberSecurity #InfoSec #AppSec #DevSecOps #CVE #SSRF #XSS #Docker #CloudSecurity #AWS #IAM #AuthenticationBypass #Vulnerability #SelfHosted #Security

SAML 2.0 is the foundation of virtually every enterprise SSO integration deployed in the last 20 years, and understanding it is unavoid https://hackernoon.com/saml-20-explained-the-backbone-of-enterprise-sso #iam
SAML 2.0 Explained: The Backbone of Enterprise SSO | HackerNoon

VPN's "trust once, access everything" model is why ransomware spreads. ZTNA verifies identity per application connection, limits blast radius to a single app, and enables real-time session revocation. Complete enterprise guide with Keycloak, Okta, and Entra ID integration patterns.

https://iamdevbox.com/posts/ztna-vs-vpn-zero-trust-network-access-complete-guide/?utm_source=mastodon&utm_medium=social&utm_campaign=blog_post

#zerotrust #ztna #vpn #networksecurity #iam

Vendor Security and Customer Requirement Questionnaires ask the same questions every time: SIG, CAIQ, HECVAT, MVSP all cover the same ground with different phrasing. I stopped treating this as a writing problem and started treating it as a retrieval problem: pre-built corpus, offline TF-IDF matching, confidence scoring, link validation.

https://tobytes.com/articles/vendor-security-questionnaires-retrieval-problem

#security #infosec #iam

Vendor Security and Customer Requirement Questionnaires as a Retrieval Problem

Every Vendor Security and Customer Requirement Questionnaire asks the same questions: the SIG words them one way, CAIQ another, HECVAT a third. The standard approach is to re-derive answers from scratch each time. The better approach is to treat this as a retrieval problem: build a canonical corpus of approved answers once, and match new questions to it.