j-00-ris.bsky.social
@j-00-ris.bsky.social
Application Security and stuff

Mastodon:
https://mastodon.social/@j0_0ris
Reposted
The release candidate of the OWASP Top 10 2025 has been released

owasp.org/Top10/2025/0...

The definitive release should be out on November 20th
Introduction - OWASP Top 10:2025 RC1
OWASP Top 10:2025 RC1
owasp.org
November 7, 2025 at 12:19 PM
Reposted
All the #Devoxx Belgium Deep Dive talks from the 2nd day are now available on the companion app and our YouTube channel! #Enjoy 🍿
www.youtube.com/@DevoxxForev...
October 8, 2025 at 5:54 AM
Reposted
Welcome to Opt Out October, our collection of tips to slowly break free from online surveillance and throw sand in the gears of overreaching large tech companies. Today’s tip is about establishing good online security fundamentals. www.eff.org/deeplinks/2...
Opt Out October: Daily Tips to Protect Your Privacy and Security
Trying to take control of your online privacy can feel like a full-time job. But if you break it up into small tasks and take on one project at a time it makes the process of protecting your privacy
www.eff.org
October 1, 2025 at 4:30 PM
Reposted
Calling all AppSec pros, devs & security leaders! The OWASP Top 10 2025 is in the works & your input matters. Survey closes Oct 3 - don’t wait! forms.gle/jL3r5Xgg1H...
September 24, 2025 at 5:55 PM
Reposted
Yep, I've been pwned. 2FA reset email, looked very legitimate.

Only NPM affected. I've sent an email off to @npmjs.bsky.social to see if I can get access again.

Sorry everyone, I should have paid more attention. Not like me; have had a stressful week. Will work to get this cleaned up.
@bad-at-computer.bsky.social Hey. Your npm account seems to have been compromised. 1 hour ago it started posting packages with backdoors to all your popular packages.
September 8, 2025 at 3:15 PM
Interesting idea, to measure alignment, but a bit vague, with the Entropy Scorecard only available to paying customers(?), and its website returning a 403 outside of the US.
Most breaches don’t start in code.
They start in misalignment.

Entropy in leadership is the breach before the breach.
The Entropy Scorecard is how you pen-test it.

👉 Read more: open.substack.com/pub/stevetou...
The Alignment Advantage
Why the most resilient organizations don’t just pen-test their systems—they pen-test their leadership
open.substack.com
August 31, 2025 at 10:22 AM
Reposted
The MCP spec has been updated to include security best practices

• Confused deputy
• Token passthrough
• Session hijacking

modelcontextprotocol.io/specificatio...
Security Best Practices - Model Context Protocol
modelcontextprotocol.io
June 23, 2025 at 9:07 AM
Reposted
BREAKING.

From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.
April 15, 2025 at 5:23 PM
Reposted
Destroying the web's usability so they can sell it back to you in slop form is exactly what they're doing.
The Wikimedia Foundation, which owns Wikipedia, says its bandwidth costs have gone up 50% since Jan 2024 — a rise they attribute to AI crawlers.

AI companies are killing the open web by stealing visitors from the sources of information and making them pay for the privilege
April 2, 2025 at 9:25 AM
Reposted
In this example, the 2 forks of the zygote process share the same scudo secret and memory layout, which basically removes its security enhancements.
-
Keynote by Mathias Payer at @1ns0mn1h4ck.bsky.social #android #scudo #zygote #inso25
March 13, 2025 at 8:44 AM
Reposted
📢 @christophetd.fr will present "Code to Cloud: Exploiting Modern Web Applications to Breach Cloud Environments" at Insomni’hack 2025!

📖 Check out the programme now: insomnihack.ch/talks/code-t...

#INSO25 #Cybersecurity #EthicalHacking #Switzerland
March 10, 2025 at 10:18 AM
Reposted
📢 Christophe Tafani-Dereeper will present "Code to Cloud: Exploiting Modern Web Applications to Breach Cloud Environments" at Insomni’hack 2025!

📖 Check the full lineup and get your ticket: insomnihack.ch/talks/code-t...

#INSO25 #Cybersecurity #EthicalHacking #Switzerland
February 13, 2025 at 5:06 PM
Reposted
Seems like there's a bit of confusion around the recent @Semgrep licence change and the @opengrep fork and I think there are two key points to highlight.

1/10
January 24, 2025 at 11:04 AM
Reposted
Fed up with Meta? Avoiding Instagram or Facebook isn’t enough to stop Meta from harvesting and profiting from your private information. Here’s how to limit Meta’s ability to monetize your personal data.
Mad at Meta? Don't Let Them Collect and Monetize Your Personal Data
If you’re fed up with Meta right now, you’re not alone. Meta tracks you across millions of websites and apps and its business model relies on your data. If you want to limit Meta’s ability to collect ...
www.eff.org
January 17, 2025 at 5:40 PM
Reposted
Lately, every BSides seems to have a talk on reframing security teams as a “Department of Yes”

We don’t hear nearly as much about the value of a well-considered, strategically deployed “No”

I've pulled together guidance on giving a better, more constructive No:
ramimac.me/saying-no
How to Say “No” Well
Security’s pivot from ‘Department of No’ to ‘Department of Yes’ misses the real lesson - how to say ‘No’ the right way.
ramimac.me
December 30, 2024 at 3:08 PM
Normalize telling your friends not to sign up for marketing emails just to get access to a service.
December 23, 2024 at 4:58 PM