New research shows AI coding agents can be tricked by hidden README instructions into leaking local configs/logs in up to 85% of cases — and humans rarely spot it. Treat docs as partially trusted input, not truth. 🔗 https://zurl.co/ThKyM #AIsecurity #DevSecOps #CyberSecurity

Scale-out architecture for web-scale environments 📈

Because your containers don't wait for security scans ⏱️

https://anchore.com/platform/secure/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

Just Announced for BSides Luxembourg 2026!

🔒 SECURE DEVELOPMENT LIFECYCLE APPLIED – MAKE THINGS MORE SECURE EVERY DAY (2h Workshop) with Lisi Hocke
(@lisihocke)
Secure coding sounds overwhelming? This hands-on 2h workshop shows how: apply CIA triad, defence in depth, threat modeling, secure coding principles, security testing, and malware detection across the full dev lifecycle via interactive exercises on a real example. For anyone securing systems or reviving neglected ones. Gain core concepts, skills, and tactical advice to incrementally improve security daily.

Led by Lisi Hocke: (https://mastodon.social/@lisihocke) Security engineer & "specialized generalist," product security advocate, whole-team quality tester, community sharer.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BSidesLuxembourg #DevSecOps #SecureDevelopment #SecurityDevelopmentLifecycle

Trivy supply chain compromise:
- 75 GitHub Action tags hijacked
- Infostealer deployed in CI/CD
- Secrets exfiltrated (SSH, cloud, K8s, wallets)
- Root cause: credential compromise
Lesson: Never trust tags. Pin SHAs.

Source: https://thehackernews.com/2026/03/trivy-security-scanner-github-actions.html

Follow @technadu
#InfoSec #DevSecOps #SupplyChain

Your MCP server might be the weakest link — here's the data. @josh.bressers.name scanned 161 MCP images and found 9,000 vulns / 263 criticals. Read the breakdown and fixes: https://anchore.com/blog/analyzing-the-top-mcp-docker-containers/

#MCP #SoftwareSupplyChain #ContainerSecurity #DevSecOps

To accompany the v1.3 release of the OWASP Automated Threat Handbook - Web Applications, project co-Leader Tin Zaw produced a video to explain what the work is about. It is technology-, vendor- and jurisdiction-agnostic. The updated handbook is free and open source - as PDF, web pages and in print.

Watch "Automated Threats - Web's Hidden Puppeteers" on YouTube: https://youtu.be/6cNwrtzPP1E

#bot #bots #oats #automatedthreats #appsec #infosec #informationsecurity #devops #devsecops #owasp @owasp

DevSecOps Services That Actually Strengthen Your Software

Looking for reliable DevSecOps services? Deuex Solutions helps you build secure software from day one by integrating security into every stage of development. Explore trusted DevSecOps services in India for safer, faster releases.
https://medium.com/@deuexsolutions/devsecops-services-that-actually-strengthen-your-software-bfffcdeca3eb

#DevSecOps #DevSecOpsServices #CyberSecurity #SoftwareDevelopment #DevSecOpsIndia #SecureCoding #CloudSecurity #ITServices #DeuexSolutions

Security is no longer something you add at the end of development. It needs to be part of how your product is built from day one. That is…

Quarkus security is easy to start. But turning an API into a real login system is not much harder.

In this tutorial we upgrade a Quarkus Security JPA app from HTTP Basic to:
• Form login
• "Remember me" sessions
• GitHub OIDC login
• Secure cookies

All step-by-step.
https://www.the-main-thread.com/p/quarkus-form-login-github-oidc-remember-me-jpa

#Quarkus #Java #OIDC #Keycloak #DevSecOps

GitLab 18.10 adds cheap AI code reviews, but do developers actually want them?

https://fed.brid.gy/r/https://nerds.xyz/2026/03/gitlab-agentic-ai-18-10/

GitLab is pushing agentic AI deeper into development workflows with version 18.10, but developers may question whether they actually need it.