Wiz Research uncovered RCE vulnerabilities (CVE-2025-1097, 1098, 24514, 1974) in Ingress NGINX for Kubernetes allowing cluster-wide secret access.   #attack   #kubernetes

A potential supply chain attack on GitHub CodeQL started simply: a publicly exposed secret, valid for 1.022 seconds at a time.   #attack   #ci/cd

This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent configuration files used by Cursor and GitHub Copilot.   #ai   #attack

What MCP is, how it can save you time, and how it works behind the scenes.   #ai   #explain

An interactive blog post exploring how AWS NAT Gateway works.   #aws   #explain

In Google Cloud, Application Default Credentials (ADC) allows your code/applications to automatically find and use credentials.   #gcp   #iam

A compromise of the GitHub action tj-actions/changed-files highlights how attackers could exploit vulnerabilities in third-party actions to compromise supply chains.   #attack   #ci/cd   #supply-chain

How access to ServiceNow can be abused to perform a range of attacks, from Credential Retrieval to Code Execution.   #attack   #saas

CVE-2025-1767 exists in the gitRepo volume type and can allow users who can create pods with gitRepo volumes to get access to any other git repository on the node where the pod is deployed.   #attack   #containers

Imagine trying to disable a malicious user in your Azure environment, only to find it can't be modified! Datadog recently identified a timing-based bug in Entra ID's restricted administrative units (AUs) that could have allowed just this scenario to occur.   #attack   #azure

Action for generating build provenance attestations for workflow artifacts.

Opkssh is a tool which enables ssh to be used with OpenID Connect instead of long-lived SSH keys. You can also refer to the companion blog post.

Convert data from any of your security tools to OCSF.

Post demonstrating how RCPs can help improve your security posture while allowing even more freedom to developers in managing their resources, thus reducing friction between central security and application teams.

In this post, you'll learn how to implement Architecture Decision Records (ADRs) in your organization, based on best practices developed from experience with over 200 ADRs across multiple projects.

Creating an IAM program that is automated is the reasonable way to handle IAM at an enterprise with scale.

Google Cloud Backup and DR's protection summary offers a centralized view of data protection configuration, identifying gaps and improving resilience.

New repositories in BigQuery Studio help data teams collaborate on code stored in Git for better version control.

Microsoft is expanding Security Copilot with six security agents built by Microsoft and five security agents built by their partners, available for preview in April 2025.