Just Announced for BSides Luxembourg 2026!

🔒 SECURE DEVELOPMENT LIFECYCLE APPLIED – MAKE THINGS MORE SECURE EVERY DAY (2h Workshop) with Lisi Hocke (@lisihocke)
Secure coding sounds overwhelming? This hands-on 2h workshop shows how: apply CIA triad, defence in depth, threat modeling, secure coding principles, security testing, and malware detection across the full dev lifecycle via interactive exercises on a real example. For anyone securing systems or reviving neglected ones. Gain core concepts, skills, and tactical advice to incrementally improve security daily.

Led by Lisi Hocke (https://mastodon.social/@lisihocke): Security engineer & "specialized generalist," product security advocate, whole-team quality tester, community sharer.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BSidesLuxembourg #DevSecOps #SecureDevelopment #SecurityDevelopmentLifecycle

Trivy supply chain compromise:
- 75 GitHub Action tags hijacked
- Infostealer deployed in CI/CD
- Secrets exfiltrated (SSH, cloud, K8s, wallets)
- Root cause: credential compromise
Lesson: Never trust tags. Pin SHAs.

Source: https://thehackernews.com/2026/03/trivy-security-scanner-github-actions.html

Follow @technadu
#InfoSec #DevSecOps #SupplyChain
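As an added example of the "pin SHAs" lesson above (not code from the post, from Trivy or from GitHub), a small Python checker that walks a repository's workflow files and reports every `uses:` reference that still points at a mutable tag or branch rather than a full commit SHA; `docker://` images are treated as pinned only when they carry a sha256 digest. The function names `check_uses`, `check_workflow` and `check_repo` are the example's own, and the embedded sample workflow, its `ghcr.io/example/scanner` image and the `deadbeef…` SHA are constructed placeholders.

```python
"""Flag GitHub Actions `uses:` references that are not pinned to an immutable commit SHA.

Added example for the "pin SHAs" lesson; not from the post, from Trivy or from GitHub.
A tag such as @v4 or a branch such as @master can be moved by anyone who gains write
access to the action's repository; a 40-hex commit SHA cannot be moved. The workflow
below is constructed for the demo (the SHA in it is a placeholder, not a real commit).
"""
import os
import re
import sys

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
# Matches `uses: value` (with or without a leading `- `), stopping before quotes,
# whitespace or a trailing `# v1.2.3` comment. A line-based regex avoids a YAML
# dependency and is enough for the flat `uses:` lines workflows normally contain.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")

# Constructed sample: two unpinned actions, one SHA-pinned action (placeholder SHA),
# one local action and one container image pinned only by a floating tag.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@deadbeefdeadbeefdeadbeefdeadbeefdeadbeef # v5.0.0 (placeholder SHA)
      - uses: aquasecurity/trivy-action@master
      - uses: ./.github/actions/local-check
      - name: scan
        uses: docker://ghcr.io/example/scanner:latest
"""


def check_uses(value):
    """Return None if `value` is immutably pinned, else a short reason why it is not."""
    if value.startswith("./"):
        return None  # local action, resolved from the already checked-out commit
    if value.startswith("docker://"):
        return None if DIGEST_RE.search(value) else "container image is not pinned by sha256 digest"
    if "@" not in value:
        return "no ref given, resolves to the action's default branch"
    ref = value.rsplit("@", 1)[1]
    if SHA_RE.match(ref):
        return None
    return f"mutable ref {ref!r}; pin to a 40-character commit SHA"


def check_workflow(text):
    """Scan workflow text; return (line_no, uses_value, reason) for each unpinned reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            reason = check_uses(m.group(1))
            if reason:
                findings.append((lineno, m.group(1), reason))
    return findings


def check_repo(root="."):
    """Scan every workflow file under <root>/.github/workflows; return {path: findings}."""
    wf_dir = os.path.join(root, ".github", "workflows")
    report = {}
    if os.path.isdir(wf_dir):
        for name in sorted(os.listdir(wf_dir)):
            if name.endswith((".yml", ".yaml")):
                path = os.path.join(wf_dir, name)
                with open(path, encoding="utf-8") as f:
                    found = check_workflow(f.read())
                if found:
                    report[path] = found
    return report


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else None
    report = check_repo(root) if root else {"<sample>": check_workflow(SAMPLE_WORKFLOW)}
    for path, findings in report.items():
        for lineno, value, reason in findings:
            print(f"{path}:{lineno}: {value}: {reason}")
    sys.exit(1 if any(report.values()) else 0)
```

Run it with a repository path to scan `.github/workflows`, or with no arguments to run on the embedded sample; it exits non-zero when anything is unpinned, so it can sit in a pre-commit hook or a CI job. Pinning stops a re-pointed tag from reaching your pipeline, but it does not replace reading what the pinned commit does, and a version comment next to the SHA (as in the sample) keeps later updates readable.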

Your MCP server might be the weakest link—here's the data. @josh.bressers.name scanned 161 MCP images and found 9,000 vulns / 263 criticals. Read the breakdown and fixes: https://anchore.com/blog/analyzing-the-top-mcp-docker-containers/

#MCP #SoftwareSupplyChain #ContainerSecurity #DevSecOps

To accompany the v1.3 release of the OWASP Automated Threat Handbook - Web Applications, project co-leader Tin Zaw produced a video to explain what the work is about. It is technology-, vendor- and jurisdiction-agnostic. The updated handbook is free and open source, as PDF, web pages and in print.

Watch "Automated Threats - Web's Hidden Puppeteers" on YouTube: https://youtu.be/6cNwrtzPP1E

#bot #bots #oats #automatedthreats #appsec #infosec #informationsecurity #devops #devsecops #owasp @owasp

DevSecOps Services That Actually Strengthen Your Software

Looking for reliable DevSecOps services? Deuex Solutions helps you build secure software from day one by integrating security into every stage of development. Explore trusted DevSecOps services in India for safer, faster releases.
https://medium.com/@deuexsolutions/devsecops-services-that-actually-strengthen-your-software-bfffcdeca3eb

#DevSecOps #DevSecOpsServices #CyberSecurity #SoftwareDevelopment #DevSecOpsIndia #SecureCoding #CloudSecurity #ITServices #DeuexSolutions

Quarkus security is easy to start. But turning an API into a real login system is not much harder.

In this tutorial we upgrade a Quarkus Security JPA app from HTTP Basic to:
• Form login
• “Remember me” sessions
• GitHub OIDC login
• Secure cookies

All step-by-step.
https://www.the-main-thread.com/p/quarkus-form-login-github-oidc-remember-me-jpa

#Quarkus #Java #OIDC #Keycloak #DevSecOps

GitLab 18.10 adds cheap AI code reviews, but do developers actually want them?

https://fed.brid.gy/r/https://nerds.xyz/2026/03/gitlab-agentic-ai-18-10/

⚙️ Harden Your DevSecOps Pipeline Workshop!

LEVEL UP YOUR CI/CD: BUILDING A SECURE PIPELINE WITH OSS (4h Workshop) with ANDONI ALONSO & PACO SANCHEZ
What’s the "perfect" secure CI/CD pipeline? This hands-on 4h workshop shows you using open-source tools: integrate SAST (Semgrep), SCA, secrets detection (TruffleHog), IaC scanning, container vuln checks (Trivy), and more across the full DevSecOps lifecycle. Through live demos (break & fix), you’ll see each stage’s security goal, tool integration, and principles – not just copy-paste, but adaptable techniques for your own hardened pipelines.

Led by Andoni Alonso https://bsky.app/profile/andoniaf.unicrons.cloud (Prowler Open Cloud Security, unicrons.cloud founder, ex-SRE turned security/CTF pro) & Paco Sanchez https://pretalx.com/bsidesluxembourg-2026/speaker/UNNQE8/ (SRE in Developer Productivity/Platform Engineering, pragmatic tool-builder).

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

Build secure pipelines that actually work – OSS only! 🚀
#BsidesLuxembourg #OSS #OpenSource #SecurePipeline #CICD #DevSecOps

If you mount SSH keys into Docker for an AI coding agent, that agent can do whatever it wants with them. Push to any repo. Access any server. Frameworks that remove HITL mean nobody's watching.

Airlock v0.2.0 fixes this. Containers never hold credentials. A host-side daemon proxies CLI tools over a unix socket. Each container gets a profile with only the commands and credentials it needs. Nothing more.

https://github.com/calebfaruki/airlock/releases/tag/v0.2.0

#InfoSec #Docker #OpenSource #DevSecOps #AI #Rust
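To make the architecture in that post concrete, here is an added Python sketch of the same pattern; it is not Airlock's code and does not reproduce its protocol or profile format. A host-side daemon listens on a unix socket, the container sends only a profile name and an argv, and the daemon checks a per-profile allowlist of executables and subcommands before running the command with that profile's credentials injected into the host process's environment. The profile names, commands, token values and the `handle_request`/`serve`/`request`/`demo_round_trip` helpers are all constructed for the demo.

```python
"""Host-side credential broker sketch for sandboxed coding agents. Added example, not
Airlock's code: the container holds no secrets and sends only a profile name plus argv over
a unix socket; the host daemon checks the profile's allowlist and runs the command with the
credentials injected host-side. Profiles, commands and token values are constructed."""
import json
import os
import socket
import subprocess
import tempfile
import threading

# Constructed per-container profiles: executable -> allowed subcommands, and the env
# credentials the daemon injects. Token values live only here, never in the container.
PROFILES = {
    "agent-readonly": {
        "commands": {"git": {"status", "log", "fetch"}},
        "credentials": {"GIT_TOKEN": "demo-readonly-token"},
    },
    "agent-deploy": {
        "commands": {"git": {"status"}, "kubectl": {"get", "rollout"}},
        "credentials": {"KUBE_TOKEN": "demo-kube-token"},
    },
}
ALLOWED_FIELDS = {"profile", "argv"}  # no env, cwd or caller-supplied credentials accepted

def run_command(argv, env):
    """Real runner: execute on the host with a minimal environment plus the profile's creds."""
    full_env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin"), **env}
    p = subprocess.run(argv, env=full_env, capture_output=True, text=True, timeout=60)
    return {"rc": p.returncode, "stdout": p.stdout, "stderr": p.stderr}

def dry_run(argv, env):
    """Audit runner: report what would run and which credential *names* it would receive."""
    return {"rc": 0, "stdout": "would run: " + " ".join(argv), "env_keys": sorted(env)}

def handle_request(req, runner=run_command):
    """Validate one request against its profile; run it host-side only if every check passes."""
    if not isinstance(req, dict) or set(req) != ALLOWED_FIELDS:
        return {"ok": False, "error": "request must contain exactly profile and argv"}
    profile = PROFILES.get(req["profile"]) if isinstance(req["profile"], str) else None
    argv = req["argv"]
    if profile is None:
        return {"ok": False, "error": "unknown profile"}
    if not (isinstance(argv, list) and argv and all(isinstance(a, str) for a in argv)):
        return {"ok": False, "error": "argv must be a non-empty list of strings"}
    exe, sub = argv[0], (argv[1] if len(argv) > 1 else "")
    if "/" in exe:  # bare names only, resolved from the host PATH, never a container path
        return {"ok": False, "error": "executable must be a bare name"}
    if sub not in profile["commands"].get(exe, set()):
        return {"ok": False, "error": f"'{exe} {sub}' is not permitted for this profile"}
    return {"ok": True, "result": runner(argv, profile["credentials"])}

def serve(sock_path, runner=run_command, ready=None, stop=None):
    """Daemon loop: one newline-terminated JSON request per connection."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    os.chmod(sock_path, 0o660)  # only the daemon's user/group (shared with the container) connects
    srv.listen()
    srv.settimeout(0.2)  # poll the stop flag between accepts
    if ready is not None:
        ready.set()
    while stop is None or not stop.is_set():
        try:
            conn, _ = srv.accept()
        except socket.timeout:
            continue
        with conn:
            try:
                resp = handle_request(json.loads(conn.makefile("rb").readline()), runner)
            except (ValueError, OSError) as e:  # malformed JSON or command failed to launch
                resp = {"ok": False, "error": f"rejected: {e}"}
            conn.sendall(json.dumps(resp).encode() + b"\n")
    srv.close()

def request(sock_path, profile, argv):
    """Container-side client: only the profile name and argv cross the socket."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(sock_path)
        c.sendall(json.dumps({"profile": profile, "argv": argv}).encode() + b"\n")
        return json.loads(c.makefile("rb").readline())

def demo_round_trip(profile, argv, runner=dry_run):
    """Start the daemon on a temporary socket, send one request, stop it, return the reply."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "broker.sock")
        ready, stop = threading.Event(), threading.Event()
        t = threading.Thread(target=serve, args=(path, runner, ready, stop), daemon=True)
        t.start()
        ready.wait(5)
        try:
            return request(path, profile, argv)
        finally:
            stop.set()
            t.join(5)

if __name__ == "__main__":
    print(demo_round_trip("agent-readonly", ["git", "fetch"]))
    print(demo_round_trip("agent-readonly", ["git", "push"]))
```

Run it directly for a dry-run round trip over a temporary socket; with `run_command` as the runner the daemon executes the allowed command on the host. The point to notice is the request schema: it admits no env, cwd or credential fields, so the only way a container obtains a capability is by having it in its profile, and the token values never cross the socket in either direction (the dry-run runner reports credential names only).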