Archive

blogblog
Dirty Little Secrets of Vulnerability Management

Dirty Little Secrets of Vulnerability Management

Exposing Common Misconceptions about CVEs, NVD, KEV Catalog, and EPSS

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #39: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #39: Weekly Cybersecurity Newsletter!

How good are LLMs at patching vulnerabilities? GitHub Artifact Attestations, MegaLinter, Malware distributed via StackOverflow

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #38: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #38: Weekly Cybersecurity Newsletter!

Stirring the pot, testing the top five AI Chatbots, using GitHub Actions for SOC2 Compliance, The Proactive Software Supply Chain Risk Management Framework

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #37: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #37: Weekly Cybersecurity Newsletter!

My take on transitive vulnerabilities, Pinning GitHub Actions, Ebury backdoor, Supply Chain Steganography, CVE Enrichment

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #36: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #36: Weekly Cybersecurity Newsletter!

20% of Docker Hub's repos host malicious content, OWASP Critique, and SCA Marketing Nonsense

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #35: GPT Exploits 87% of Sampled Vulnerabilities

CramHacks Chronicles #35: GPT Exploits 87% of Sampled Vulnerabilities

Building an AppSec Program, AI Exploiting Vulns, Compliance as Code, Artifact Attestations

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #34: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #34: Weekly Cybersecurity Newsletter!

Shifting left!, Google lays off Python team, hardened container images, and more!

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #33: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #33: Weekly Cybersecurity Newsletter!

Korea fears AI supply chain, GitHub hosts malware, Microsoft AD account compromise, EPSS Predicts Exploitability, and DataDog's State of DevSecOps

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #32: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #32: Weekly Cybersecurity Newsletter!

CISA releases Next-Gen Malware Analysis, Sisense's Security Slip-Up, Debating SAST's Value, Secure Defaults!

Kyle Kelly
blogblog
Why I Signed: An Open Letter to Congress on the National Vulnerability Database

Why I Signed: An Open Letter to Congress on the National Vulnerability Database

Neglecting the National Vulnerability Database: A Flaw We Can't Afford

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #31: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #31: Weekly Cybersecurity Newsletter!

Top 10 threats for 2030, End-of-life containers can mean 400+ CVEs per year, A review of zero-day in-the-wild exploits, and more!

Kyle Kelly
newsletternewsletter
CramHacks Chronicles #30: Weekly Cybersecurity Newsletter!

CramHacks Chronicles #30: Weekly Cybersecurity Newsletter!

xz/liblzma backdoor, PyPi suspends user registrations, OSV-Scanner offers guided remediation, and Chief AI Officers

Kyle Kelly
FirstBack
12345678
Next Last