Curated Images, hardening at scale, and security benchmarking. I'm genuinely impressed by RapidFort's instrumentation and hardening workflows.
Silicon Valley Spies, malicious GH actions, Wiz acquired for $32B, EPSSv4, lots more drama!
Taking over hundreds of popular apps, generating SBOMs at scale, UK govt releases OSS best practices and risks, getting frustrated with misrepresented data
Quietly load malicious vscode extensions, 2025 Open Source Security and Risk Analysis Report, Mixing up Public and Private Keys in OpenID Connect deployments, Open Source Project Security Baseline
How the industry is mitigating the risks of abusing lifecycle scripts, stolen credentials, and fake reputations!
The biggest supply-chain attacks in 2024, Top 10 web hacking techniques, whoAMI: A cloud image name confusion attack, Malicious Code & Vulnerabilities
RapidFort's Community Images: A Cost-Effective Solution for Enhanced Container Security Management
Measuring LLM Package Hallucination, Reviving Abandoned S3 Buckets, Maven begins validating Sigstore signatures, and Go Module Proxy cache abuse
I have a new Job! OSS usage trends, us-east-1.com DNS insights, CVEs for EOL versions, Palantir's security practices, OSS health checks, OSV-Scanner v2.0.0-beta1
Executive Order 14144, Homebrew warnings, Google’s Patch Rewards, StackOverflow's decline, GitHub antics, and insights on the Cyber Resilience Act
Exploring OSS Vulnerabilities, Google’s OSV Growth, GitHub Actions Security, Snyk's Controversy, CNCF Fuzzing Insights, and More
Explore the public availability of affected functions for OSS vulnerabilities and why vendors are spending millions to build private datasets.
