NEW: Developers, crypto users, and job seekers beware - North Korea’s Lazarus Group is deploying a new #BeaverTail variant to steal credentials and crypto via fake job offers, dev tools and smart contracts.

Read: https://hackread.com/lazarus-embed-beavertail-variant-developer-tools/

#CyberSecurity #Lazarus #NorthKorea #DevSec #InfoStealer

Lazarus Group Embed New BeaverTail Variant in Developer Tools

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Greetings from #heise #devSec 2025 in #Regensburg.

Due to a missing check on the file type, it was possible in Form Block to upload any kind of file by sending the server false information about the file type. This problem is fixed in Form Block 1.5.6; an update is recommended.

[…]

https://epiph.yt/blog/2025/beliebiger-datei-upload-in-form-block-1-5-6-behoben/

#DevSec #FormBlock #Plugin #Sicherheit #Update #WordPress

Arbitrary file upload fixed in Form Block 1.5.6 | Epiphyt

Due to a missing file type check, it was possible to upload arbitrary files in Form Block. This is fixed in Form Block 1.5.6.

Epiphyt

Due to a missing file type check, it was possible to upload files of any type in Form Block, just by telling the server that it is a different type. This has been fixed in Form Block 1.5.6, updating is highly recommended.

[…]

https://epiph.yt/en/blog/2025/fixing-arbitrary-file-upload-in-form-block-1-5-6/

#DevSec #FormBlock #Plugin #Security #Update #WordPress

Fixing arbitrary file upload in Form Block 1.5.6 | Epiphyt

Due to a missing file type check, it was possible to upload files of any type in Form Block, just by telling the server that it is a different type. This has been fixed in Form Block 1.5.6…

Epiphyt
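
Both Form Block posts above describe the same bug class: the only "type check" was the type the client itself declared, so renaming the declared type was enough to get any file through. The following is an added example, not Form Block's or Epiphyt's code, placing that pattern beside one server-side validation that keys on the file's own bytes. The Upload class, the allowlists, the signature table and the sample uploads are all constructed for illustration.

```python
# Added example: client-declared file type vs. server-side validation.
# Not code from Form Block; the Upload class, allowlists and samples are constructed.
import os
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Upload:
    filename: str       # name as sent by the client (attacker-controlled)
    content_type: str   # Content-Type of the multipart part (also attacker-controlled)
    data: bytes         # the file body


# Types this hypothetical form is willing to store.
ALLOWED_TYPES = {"image/png", "image/jpeg", "application/pdf"}

# Leading magic bytes for each allowed type.
SIGNATURES = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "application/pdf": b"%PDF-",
}
EXTS_FOR_TYPE = {
    "image/png": {".png"},
    "image/jpeg": {".jpg", ".jpeg"},
    "application/pdf": {".pdf"},
}
CANONICAL_EXT = {"image/png": ".png", "image/jpeg": ".jpg", "application/pdf": ".pdf"}
ALLOWED_EXTS = set().union(*EXTS_FOR_TYPE.values())


def vulnerable_accepts(u: Upload) -> bool:
    """The pattern in the advisory: trust whatever type the client declares."""
    return u.content_type in ALLOWED_TYPES


def sniff_type(data: bytes) -> Optional[str]:
    """Identify the type from the bytes themselves, not from any client header."""
    for mime, sig in SIGNATURES.items():
        if data.startswith(sig):
            return mime
    return None


def hardened_accept(u: Upload) -> Optional[str]:
    """Return a server-chosen filename if the upload passes, else None.

    Extension, sniffed bytes and declared type must all agree, and the stored
    name is generated server-side so the client never picks the extension.
    """
    ext = os.path.splitext(u.filename)[1].lower()
    if ext not in ALLOWED_EXTS:
        return None
    sniffed = sniff_type(u.data)
    if sniffed is None or ext not in EXTS_FOR_TYPE[sniffed]:
        return None
    if u.content_type != sniffed:
        return None
    return secrets.token_hex(16) + CANONICAL_EXT[sniffed]


# Constructed sample uploads (the PNG is just a signature plus filler, not a real image).
PNG_BYTES = SIGNATURES["image/png"] + b"\x00" * 16
PHP_BYTES = b"<?php echo 'uploaded'; ?>"

SAMPLES: Dict[str, Upload] = {
    "honest_png": Upload("photo.png", "image/png", PNG_BYTES),
    # Client lies about the type only: this is the case the advisory describes.
    "php_claiming_png": Upload("page.php", "image/png", PHP_BYTES),
    # Client lies about name and type; the bytes still give it away.
    "php_named_png": Upload("notes.png", "image/png", PHP_BYTES),
}


def compare() -> Dict[str, Tuple[bool, bool]]:
    """For each sample: (accepted by vulnerable check, accepted by hardened check)."""
    return {name: (vulnerable_accepts(u), hardened_accept(u) is not None)
            for name, u in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in compare().items():
        print(f"{name:18s} vulnerable={verdict[0]} hardened={verdict[1]}")
```

The sniffing step only shows that the file starts with a known signature; a valid PNG can still carry script text in a trailing chunk, so the hardened path is no substitute for storing uploads where the web server never executes them and serving them with a fixed Content-Type.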
I put together a small secure-development lab specific to one language and one vulnerability that kept coming up here with the devs; it has a full step-by-step for anyone who wants it. #js #appsec #devsec #learn https://github.com/fguisso/backoffice-balm

🛡️ Is your app on the internet? It may already be on Shodan.

Before scanning, an attacker collects. Learn how OSINT works and what information you are giving away without knowing it.

Checklist + basic tools for devs → https://greyhat.cl/posts/osint-para-desarrolladores-como-piensan-los-atacantes-antes-de-escanear-tu-app

#OSINT #Ciberseguridad #DevSec #DesarrolloSeguro #Greyhat

OSINT for developers: how attackers think before scanning your app

Before launching an attack, an attacker stops to observe. They collect loose pieces of information, like someone drawing a map before invading a territory. That is OSINT (Open Source Intelligence...

🚨 Mark your calendars! 🚨

Join us for the OWASP Global AppSec US Conference in Washington, D.C., November 3–7, 2025 at the Marriott Marquis!

We're thrilled to announce our keynote speaker: Adam Shostack

Ready to level up your skills, grow your network, and ignite your passion for security?

🎟️ Register now and be part of the future of cybersecurity! https://owasp.glueup.com/event/131624/register/

#OWASP #AppSec #Cybersecurity #ThreatModeling #GlobalAppSecUS #SecureCoding #DevSecOps #DevSec #WashingtonDC #Hacking

Registration ⇽ OWASP 2025 Global AppSec USA (Washington, DC) | The OWASP Foundation Inc.

Register for "OWASP 2025 Global AppSec USA (Washington, DC)" hosted by OWASP Foundation Inc.

Glue Up

Join Liran Tal at OWASP Global AppSec EU 2025 in Barcelona for an eye-opening session on the real security implications of TypeScript!

🛡️ Friend or Foe? TypeScript Security Fallacies
📅 Thursday, May 29, 2025
⏰ 2:15 PM – 3:00 PM CEST

🔗 Register: https://owasp.glueup.com/event/123983/register/

With live demos and actionable insights, this talk is a must for anyone building with TypeScript.

#OWASP #AppSecEU2025 #TypeScriptSecurity #SecureCoding #DevSecOps #AppSec #DevSec #Barcelona

Registration ⇽ OWASP Global AppSec EU 2025 | The OWASP Foundation Inc.

Register for "OWASP Global AppSec EU 2025" hosted by The OWASP Foundation Inc.

Glue Up

Join Dag Flachet at OWASP Global AppSec EU 2025 in Barcelona for a powerful session on building better AppSec programs—one small step at a time.

🔄 Kaizen for Your AppSec Program: Turning Big Problems into Small Steps
📅 Thursday, May 29, 2025
⏰ 3:30 PM – 4:15 PM CEST

🔗 Register: https://owasp.glueup.com/event/123983/register/

Perfect for AppSec managers and anyone looking to build sustainable, human-centered security practices.

#OWASP #AppSecEU2025 #DevSec #AppSec #SecureDevelopment #Barcelona

Registration ⇽ OWASP Global AppSec EU 2025 | The OWASP Foundation Inc.

Register for "OWASP Global AppSec EU 2025" hosted by The OWASP Foundation Inc.

Glue Up

Security folks found a flaw in all major LLMs. This one is big - all AI safety measures can fail.

#AI #Security #DevSec https://hiddenlayer.com/innovation-hub/novel-universal-bypass-for-all-major-llms/

Novel Universal Bypass for All Major LLMs

HiddenLayer’s latest research uncovers a universal prompt injection bypass impacting GPT-4, Claude, Gemini, and more, exposing major LLM security gaps.

HiddenLayer | Security for AI