Are you ready for #OWASP Global #AppSec EU? Be part of the action as a volunteer! Your contribution can make a real impact. Fill out the form today to join something incredible! Don't miss out, sign up here: https://owasp.wufoo.com/forms/z1jihpei0ws2e3v/ #devsecops #threatmodeling #infosec

Consumers should know and exercise their #privacy rights. Here's a summary of the California Consumer Privacy Act (CCPA) at #PalUpNow!. This includes the development of new measures that extend #compliance to #California residents and beyond.

#CCPA #USA #global #CISO #InfoSec #DevSecOps #legal

CCPA Update From DPO Office: California Consumer Privacy Act
https://palupnow.com/blogs/f/ccpa-update-from-dpo-office-california-consumer-privacy-act

AI Code Assistants: A Double-Edged Sword?

AI-powered coding tools are revolutionizing development workflows, but they come with hidden dangers:

Hallucinated Dependencies: AI suggests packages that don’t exist.
Slopsquatting Attacks: Malicious actors register these fake packages, leading to potential security breaches.
Automated Installation Risks: Some AI agents might auto-install these without developer awareness.
False Legitimacy: AI-generated summaries can falsely validate these malicious packages.

Stay Vigilant: Always double-check AI-generated code and dependencies. Trust, but verify.

#AI #CyberSecurity #DevSecOps #SupplyChain #SoftwareDevelopment
https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain

Computer Vision I - Intro

https://dev.to/sc0v0ne/computer-vision-i-intro-3hm0

New Video Drop!

Security is no longer optional — it’s baked into DevOps from day one.

I’m breaking down DevSecOps in plain English — no fluff, no jargon. Just real talk on building secure, resilient systems.

https://youtu.be/xLah-QzUH50

We love all things #SNYK for code security. Here's the integration doc for #Azure DevOps pipeline tasks: https://docs.snyk.io/scm-ide-and-ci-cd-integrations/snyk-ci-cd-integrations/azure-pipelines-integration #DevSecOps #PlatformEngineer #CyberSecurity

Over 60% of data breaches come from insiders—not hackers.

In tech, the threat is closer than you think.

From late-night logins to employees snooping in places they shouldn't, insider threats often leave clues.

Learn the 10 red flags that smart companies never ignore: https://blueheadline.com/tech-news/insider-threats-10-red-flags/

Which red flags have YOU seen in your tech career?
Let’s talk patterns, prevention, and protecting our data

Are you missing key AWS security blind spots? SCPs, IAM misconfigurations, serverless risks & more could expose your cloud. SentinelOne shares 6 gaps + actionable fixes to secure your environment. #AWS #CloudSecurity #Cybersecurity #DevSecOps https://zurl.co/lnZbG

How secure is your LLM-powered app, really?

Join Brian Vermeer and Lize Raes at #JCON2025 as they tackle the dark side of AI:
Prompt injection
Key leakage
Data abuse risks
And how YOUR system vulnerabilities impact #AI behavior.
Get practical strategies to build secure & privacy-compliant #LLM applications—because your AI shouldn’t turn against you.

https://2025.europe.jcon.one/tickets

Excited for #OWASP Global #AppSec EU? Wanna join us as a volunteer? We need your help to make it a hit! Just fill out the form now and be part of something awesome! Check it out here: https://owasp.wufoo.com/forms/z1jihpei0ws2e3v/ #devsecops #threatmodeling #infosec

Whoa, just checked out the latest GitGuardian report. It's wild how many secrets popped up *again*! We're talking millions of credentials just floating around out there.

And here's the kicker: it's not *only* about human slip-ups anymore. You've got more and more 'Non-Human Identities' (NHIs) – think bots, scripts, AI agents – churning out secrets too. And honestly? Those NHI secrets often get way less attention than the ones people handle.

As a pentester, I bump into this constantly. Find an old, forgotten API key lying around, and *boom* – system's compromised. Yeah, automated scans are definitely helpful, but nothing beats having solid secrets management in place. It's absolutely crucial.

So, how's everyone else keeping their secrets locked down? Got any killer best practices to share?

When the next #IngressNightmare happens, will you be ready? Join our #webinar to learn how to implement runtime #SBOM inventory for immediate zero-day vulnerability assessment. Technical demo included. https://get.anchore.com/rapid-incident-response-with-sboms/ #ZeroDay #DevSecOps

AI is transforming vulnerability management.

Discover how AI-powered Software Posture Management (SPM) is changing the game for vulnerability detection and remediation. From proactive risk management to smarter decision-making, learn how enterprises can secure their software supply chains with confidence.

Read the blog to explore the future of AI in vulnerability management: https://www.activestate.com/uncategorised/ai-spm-vulnerability-management-detection/

Excited to showcase your skills on stage? Join #OWASP Global #AppSec USA in Washington, DC this November! Don't miss out on this amazing opportunity - submit your presentations now for a chance to shine! Apply here: https://sessionize.com/owasp-global-appsec-USA-2025-cfp2/ #infosec #AI #devsecops #SBOMM

Let’s be real: #DevOps isn’t just about tools. It’s about people, culture, and building smarter ways to ship better software—faster.

At ATIX, we roll up our sleeves and work alongside your team to:

Spot what’s slowing you down
Fine-tune how your teams collaborate
Help you release with more confidence (and less chaos)

Think it’s time for a smoother ride? Let’s talk.

https://atix.de/en/services/consulting/devops/

P.S. This is not fine

Can you trace every #AI decision your system ever made? Regulators want more than logs. @spoole167 shares the checklist you didn’t know you needed.
Covers AI risk levels & audit trails.

Read Part 3: https://javapro.io/2025/04/08/move-fast-break-laws-ai-open-source-and-devs-part-3/

Meet the Keynote Speakers for OWASP Global AppSec EU 2025 in Barcelona!

Join us May 26-30, 2025, for an incredible lineup of speakers, including two industry leaders shaping the future of cybersecurity.

Dr. Kate Labunets – Assistant Professor, Utrecht University

Sarah-Jane Madden – Director of Cyber Defense, Fortive

Register
https://owasp.glueup.com/event/123983/register/

Open source is the backbone of modern enterprises, but risks are growing:

Limited visibility into dependencies
Slow updates leave systems vulnerable
Complex fixes delay remediation

Our 2025 State of Vulnerability Management and Remediation Report offers insights to help enterprises strengthen their security posture.

Download the report today! https://www.activestate.com/resources/white-papers/the-2025-state-of-vulnerability-man[…]20Remediation%20Report&utm_source=mastodon&utm_medium=social