Oh was that in prod devsecops self hardening on a budget?
Checkpoint: a security tool built for Laravel applications that scans the project and detects security vulnerabilities, misconfigurations, and insecure coding practices, with support for auditing packages, dependencies, and common issues before deployment. andreapollastri/checkpoint: Laravel Security Tool github.com/andreapollastri/c… #Cybersecurity #Laravel #AppSec #DevSecOps
Architecture Decisions That Define Great Software Day 9 Security by design Security built in at the architecture stage costs a fraction of security bolted on later linkedin.com/posts/kartik-la… #SecurityEngineering #SoftwareArchitecture #SystemDesign #DevSecOps #EngineeringLeadership
⚽ Hackers Don't Miss. Are Your Defenses Ready? Discover practical DevSecOps and cybersecurity techniques that help teams detect threats earlier, respond faster, and build more resilient systems. 🎟️ conference.mscc.mu #MSCC #DevCon26 #Mauritius #CyberSecurity
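[LiteLLM vulnerability chain: watch for AI gateway takeover and API key theft] An attack chain combining multiple vulnerabilities in LiteLLM has been reported. By combining an authentication bypass, privilege escalation, and a sandbox escape, a low-privileged user may be able to take control of the AI gateway or reach server-side code execution. The impact is large because LiteLLM tends to aggregate provider keys for OpenAI, Anthropic, Gemini, Bedrock, Azure, and others. Defenders should not only apply the fixes but also review rotation of the master key, salt key, DB URL, and provider keys, callback settings, anomalous model responses, and sudden spikes in API usage. Going forward, AI infrastructure needs to be treated as a high-value target for credential theft. #CyberSecurity #AISecurity #LiteLLM #Vulnerability #APIKey #DevSecOps #SOC thehackernews.com/2026/06/li…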
Security is harder. RHEL Image Mode improves DevSecOps with immutable infra, build-time scanning, and atomic updates for robust OS protection. #vulnerabilitymanagement #devsecops #containersecurity #shiftleftsecurity
Hot take: having security tools isn't the same as having security. If your scanning doesn't gate a release, it's not a control. It's a dashboard nobody checks. This matters especially in SitecoreAI headless builds, where most of what you ship was written by someone else, not you. Each one is a trust decision you didn't consciously make. Take the TanStack incident from May 2026. The attacker didn't need stolen credentials, they hijacked the build pipeline itself, published 84 malicious packages in under 6 minutes, and stole cloud keys from every machine that ran npm install. Schedule-based scanning doesn't save you from that. If you're not sure your pipeline would have caught a compromised package before it hit production, this blog from our CTO, Piers Matthews, is worth a few minutes of your time. #DevSecOps #PipelineSecurity #SupplyChainSecurity #SitecoreAI #Dataweavers #Security #HeadlessCMS
North Korean threat actors sent 250 phishing emails posing as recruiters to target software developers across nearly 100 organizations. Victims cloned malicious GitHub repos that executed embedded scripts when opened in VS Code, leading to credential theft and lateral movement. Runtime segmentation helps contain such post-compromise activity. 🔗 Full TRC analysis: aviatrix.ai/threat-research-… #ThreatIntel #DevSecOps
Teller Talks Cloud Glue #cloud #devops #sre #platformengineering #devopsengineering #devsecops #dev This is a clip from our recent Ship It Weekly Podcast episode. Visit link in bio to listen to the full episode!
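Adversa AI has published "TrustFall". In all four of Claude Code, Cursor, Gemini CLI, and Copilot CLI, a malicious repository's .mcp.json / settings.json gets an MCP server executed automatically with a single press of Enter at the folder trust prompt → 1-click RCE. Opening a cloned repo with an agent should be regarded as a trust boundary. #Security #DevSecOps #AISecurity #MCP adversa.ai/blog/trustfall-co…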
🚀 Hiring: Product Security Engineer | Remote | Full-Time Are you passionate about cybersecurity, AI, and building secure systems at scale? We're looking for a Product Security Engineer to help shape the future of AI-native security engineering. In this role, you'll design AI-powered security systems, develop autonomous security workflows, secure AI applications and infrastructure, and integrate intelligent security controls directly into the software development lifecycle. You'll work at the intersection of Application Security, LLM Security, Machine Learning, and Software Engineering to help build the next generation of secure AI products. 🔹 Position: Product Security Engineer 🔹 Type: Full-Time 🔹 Location: Remote 🔹 Compensation: $180,000–$230,000 USD Equity Performance Bonuses 🔹 Openings: 1 What We're Looking For: ✅ AI & Security Expertise ✅ Application Security & Product Security ✅ LLM Security & AI Threat Modeling ✅ Security Tooling (Snyk, Semgrep, Checkmarx, GitHub Advanced Security, Wiz, Lacework) ✅ Python Programming ✅ Cloud & Distributed Systems Security ✅ Secure Software Development Lifecycle (SSDLC) ✅ Vulnerability Management & Threat Detection Preferred: ✔ Experience Securing AI Products & Agentic Systems ✔ Applied Machine Learning or Security Data Science Background ✔ AI Red Teaming & Model Evaluation Experience ✔ Open-Source Security Contributions ✔ Experience in High-Growth Technology or AI Companies This is a rare opportunity to work on cutting-edge AI security challenges, building autonomous systems that identify, prioritize, and remediate security risks while helping define the future of secure AI development. Apply Here: tinyurl.com/2ucb8b7d #Hiring #CyberSecurity #ProductSecurity #ApplicationSecurity #AISecurity #LLMSecurity #SecurityEngineer #Python #CloudSecurity #DevSecOps #MachineLearning #RemoteJobs #TechJobs #AIJobs
🚀 In 2026, security isn't a phase—it's woven into every commit. DevSecOps makes security a builder, not a bottleneck. Automate standards, ship safe. 💡 How do you embed security in your pipeline? Reply. #DevSecOps
Software supply chain attacks keep growing, and reviewing security at the end of development is no longer enough. DevSecOps makes it possible to integrate security controls throughout the entire software life cycle, reducing risk and strengthening the resilience of organizations. Read more: cronup.com/fortalecer-la-cul…
New podcast: #AI does not simply create productivity; it can amplify risk. AI-generated code, expanded automated pipelines, and increased reliance on external models have broadened the attack surface. governmenttechnologyinsider.… #Checkmarx #cyber #DevSecOps
Built the infrastructure that was missing. 🔹 prechained.com — 124,000 software packages SHA-384 fingerprinted and archived before any attack was disclosed. Free. Public. Independently verifiable. 🔹 cbomcompliance.com — Drop in your CycloneDX or SPDX manifest. Get a cryptographically signed, Bitcoin-anchored receipt in 60 seconds. Free trial, no account. 🔹 cuistandard.com — CMMC Level 2 deadline is November 10. Most contractors don't know where their CUI boundary starts. $29/mo gets you a full CUI scoping workspace. Three problems. Three tools. nextgenrails.net #SupplyChainSecurity #SBOM #CMMC #CUI #AppSec #DevSecOps #CycloneDX
