For organizations with a lot of github repos, this update from github makes it easy to view, track, group, identify and fix similar issues across multiple repos. A centralized dashboard for your code security vulnerability tracking.... https://lnkd.in/g9wp3hdC

🚨 Still patching in 2024? A serious threat from 2016 is lurking! 🚨 We need to talk about CVE-2016-0167, a Microsoft Win32k Privilege Escalation Vulnerability. This isn't new, but it's critical because it was added to the Known Exploited Vulnerabilities

Launching: "Rate My Repo" for Smart Contract Security We're offering free Azimuth security analysis for the first 20 repos. How it works: • Comment with your GitHub repo link • We run behavioral security testing (RL agents actively try to exploit your contracts) • You get: Vulnerabilities found, exploit paths, proof-of-concept code Azimuth doesn't just scan for patterns—it proves exploits work by executing attacks in simulation. Drop your repo in the comments or DM if you prefer private analysis. #SmartContracts #Web3Security

Just released another entry in my blog series looking at the unpatchable vulnerabilities of Kubernetes. Whilst the CVEs are quite old, understanding them is useful, both to understand if you need to apply mitigations and also for some of the low-level Kubernetes implementation details they involve. https://lnkd.in/e_E69vBc

If you're using Kiuwan, you're already identifying vulnerabilities early—before they reach production. But here's the hard truth: secure code that isn't protected at runtime is still exposed. Static analysis strengthens what you build, while runtime protection defends what you ship. In our recent webinar with PreEmptive, we discussed why modern resilience requires both: ✔ Code-level security testing ✔ Runtime application self-protection Integrated quality operations close the lifecycle gap from commit to production. If you're ready to extend your protection beyond code analysis, learn how Kiuwan and PreEmptive work together to secure the full spectrum: https://lnkd.in/e5HgtJQX

When you're building apps, it's a good practice to bake security into the whole process. And that's what you'll learn how to do in this DevSecOps + API security course. It covers common vulnerabilities, why API security matters, key principles of DevSecOps, and more. https://lnkd.in/g2z3JGUv

Semgrep Community Edition applies community-maintained rule sets to analyze files tracked by the `.git` file inside your project, identifying security vulnerabilities and insecure coding patterns. After the scan completes, Semgrep CLI produces a concise, structured summary of findings, including rule identifiers, matched code snippets, and file locations to support further investigation and remediation. The community edition is free. Read more👇 https://lnkd.in/gB6TNF-R

Security scanners do their job well. The challenge is that not every finding they surface requires action. Test code, vendored dependencies, and known false positives create noise that slows triage and buries the vulnerabilities that actually matter. GitLab's auto-dismiss vulnerability policies let security teams codify those decisions once and apply them automatically, so the focus stays on what's real. Swipe through for 5 findings that are worth automating. Full tutorial in the comments.

MirrorTrail update just shipped. For context: MirrorTrail is a Bash script I built for Attack Surface Management. It chains subfinder and amass for subdomain enumeration, httpx for live host filtering, and nuclei for targeted vulnerability scanning. Feed it a target list, get back a clean, timestamped set of results. This update fixes a persistent "event not found" error that was breaking execution in Zsh. The root cause: Zsh expands exclamation marks inside double-quoted strings at parse time, before the script even runs. That means set +H and similar workarounds do nothing. Fix was to remove all ! characters from echo strings throughout the script. Also cleaned up in this update: - Removed duplicate code blocks that had crept into the script - Fixed a truncated nuclei echo line with no closing quote - Replaced cat file | wc -l with the cleaner wc -l < file MirrorTrail is built strictly for authorized bug bounty programs and internal security assessments. https://lnkd.in/etiNa5GQ #Cybersecurity #BugBounty #AttackSurfaceManagement #Recon #EthicalHacking

If you use Claude code. please pause and take some time in understanding the risk presently, whatever the reason for the source code leak, focus on hardening your security rails. Start with separation of environments and find a clean device to update passwords, keys etc. Who knows what vulnerabilities this will introduce very soon. If Claude code is embedded into your pipeline, time to pause and analyse. Good luck.