https://blog.inventage.com/blogs/keycloak-competence-center/
#inventage #iam
New here. AWS security engineer in Paris, AWS Community Builder.
I write open-source AWS security tooling: IAM privilege-escalation path detection, S3 / EC2 / Lambda misconfiguration scanners, and a tracker that records every change to AWS managed IAM policies over time.
Also maintain LocalEmu, a free local AWS emulator for testing without touching real accounts or credentials.
Here to learn from this community and share what I find.
Please sign this petition to support fair wages/unionization efforts for garden workers!
The workers at the Botanical Garden here in #RVA voted to #unionize and are negotiating their contract. Garden leadership has been dragging their feet and engaging in regressive bargaining, so yesterday union members exercised their right to strike, called out, and picketed outside of the garden.
#union #petition #virginia #virginiapolitics #IAM #garden #botanicalgarden
🚨 The BSides Luxembourg 2026 keynote just dropped!
Keynote: Identity Security Just Exploded
Watch @wendynather's keynote, recorded live at the Digital Learning Hub Luxembourg during BSides Luxembourg 2026.
Wendy Nather
https://www.linkedin.com/in/wendynather/
Watch the full keynote:
https://archive.org/details/BSidesLuxembourg2026/d1+t1+02+Identity+Security+Just+Exploded+-+Wendy+Nather.mkv
#BSidesLuxembourg #IdentityManagement #CyberSecurity #IAM #DigitalIdentity #SecurityLeadership #DigitalLearningHub
🚨 Three Gitea/Gogs vulnerabilities just dropped, and one is a CVSS 9.8 authentication bypass.
If you self-host Gitea or Gogs, this is not a "patch later" situation:
⚠️ CVE-2026-20896: Gitea Docker auth bypass
Anyone can impersonate any user with one HTTP header: `X-WEBAUTH-USER: admin`
⚠️ CVE-2026-52807: Stored DOM XSS
A malicious milestone name can survive escaping and execute through Semantic UI.
⚠️ CVE-2026-22874: Webhook SSRF
Gitea webhooks can become a path to AWS IMDS, cloud credentials, S3, Secrets Manager, ECR, and full cloud privilege abuse.
Self-hosted Git platforms hold source code, CI/CD secrets, deploy keys, webhooks, tokens, and internal infrastructure access.
Your code. Your secrets. Their access.
Upgrade now:
Gitea 1.26.3+
Gogs 0.14.3+
Full technical breakdown 👇
https://thecybersecguru.com/news/cve-2026-20896-gitea-authentication-bypass-dom-xss-ssrf/
#Gitea #Gogs #CyberSecurity #InfoSec #AppSec #DevSecOps #CVE #SSRF #XSS #Docker #CloudSecurity #AWS #IAM #AuthenticationBypass #Vulnerability #SelfHosted #Security
VPN's "trust once, access everything" model is why ransomware spreads. ZTNA verifies identity per application connection, limits blast radius to a single app, and enables real-time session revocation. Complete enterprise guide with Keycloak, Okta, and Entra ID integration patterns.
Vendor Security and Customer Requirement Questionnaires ask the same questions every time: SIG, CAIQ, HECVAT, MVSP all cover the same ground with different phrasing. I stopped treating this as a writing problem and started treating it as a retrieval problem: pre-built corpus, offline TF-IDF matching, confidence scoring, link validation.
https://tobytes.com/articles/vendor-security-questionnaires-retrieval-problem

Every Vendor Security and Customer Requirement Questionnaire asks the same questions: the SIG words them one way, CAIQ another, HECVAT a third. The standard approach is to re-derive answers from scratch each time. The better approach is to treat this as a retrieval problem: build a canonical corpus of approved answers once, and match new questions to it.