Joined July 2025
Your pen test passed. Since then:
→ 90 days of code shipped
→ Cloud config drifted
→ IAM unrecognisable from scope
A pen test is a snapshot. Attackers probe live. The report reflects the old environment. The breach happens in the new one.
Sign up today for our free yearly continuous Pentesting: secure.com/free-pentest
Every year, the best security minds in Europe gather in one place. This year, our CEO Uzair Gadit will be among them, at ExCeL London on June 2nd for @Infosecurity Europe. If you're attending and want to talk about where security execution is heading, find him on the floor.
Alert debt doesn't wait for business hours. 3 AM is where the gap between your SOC and your competitor's becomes visible.
Eid isn't a holiday for attackers. It's a window. Last year, a number of SMEs were breached during long weekends, when inboxes went unwatched, alerts went uninvestigated, and approvals went unsigned. Lean security teams don't lose to sophistication. They lose to timing. Our CEO Uzair Gadit spoke to @GulfBusiness about what regional SMEs should be thinking about before the long weekend. Read the full interview below: gulfbusiness.com/en/2026/int…
The gap between found and fixed is where breaches actually happen. Most AppSec teams don't have a discovery problem. They have a capacity problem. The fix isn't a better scanner. It's closing the loop between found and actually verified fixed. secure.com
Excited to welcome Nicholette Brown Hill to Secure.com. Nicholette joins as Founding GM, Americas and Head of Sales, Strategic Markets, bringing 20 years of enterprise sales experience from Rackspace, VMware, and GuardDog AI. To the security leaders we'll get to partner with: we can't wait to earn your trust. Welcome to the team, Nicholette. 🎉
> be GitHub
> trust your dev workflow
> poisoned VS Code extension slips in
> 3,800 internal repos reportedly exposed
> TeamPCP allegedly lists the data for sale
> “verified” still passes
> “trusted” stops meaning safe
> developer laptops are production infrastructure now
Full breakdown ↓
Human-in-the-loop vs Human-in-the-way
Here's a thread to define what it actually means. (1/6)👇
The AI security industry treats these as the same thing. They aren't. One makes your team faster. The other makes your AI safer. You need both. (5/6)
Speed without accountability is just faster risk. Governance without speed is just slower security. The answer isn't choosing one. It's knowing where each belongs. secure.com (6/6)
🚨It's still going. Mini Shai-Hulud has moved to the @antv ecosystem. @SocketSecurity confirmed an active publish wave hitting hundreds of packages. We broke down the full attack last week. The pattern is identical.
The cloud security industry spent a decade getting really good at finding misconfigs. Nobody built the layer that verifies they actually got fixed. That's not a tooling problem. That's a design choice nobody questioned. We did. → secure.com
This is what good breach disclosure looks like. Timely, specific, transparent on the extortion attempt, and a clear "we're not paying" with the FBI rationale. The token-to-codebase-access pattern keeps repeating across major orgs this month, same shape as the TanStack situation. Worth modeling the threat model around tokens, not just credentials.
🚨 We recently discovered that an unauthorized party obtained a token with access to the Grafana Labs GitHub environment, enabling the threat actor to download our codebase. (1/6)
Every CISO we speak to has the same tools. Most of them have the same gaps. Here are 7 things keeping security leaders up at night.👇 (1/8)
The average enterprise security team runs 45 tools. Each one sees a slice of the environment. None of them talks to each other. More tools didn't close the gaps. They became the gaps. (7/8)
If any of this looks familiar... The teams closing these gaps aren't buying more tools. They're building a layer that connects what they already have. See how → secure.com (8/8)