Missed the webinar? Watch Velocity Connected on demand to see how APIs unify security into one ecosystem. Watch here: ow.ly/sYac50ZasWc #HirschSecure #OnDemand #UnifiedSecurity #OpenSecurity #APIs #ConnectedEcosystem #SecuritySolutions

Join our Velocity Connected webinar to learn how APIs and integrations extend security beyond access control and video—connecting operations, automating workflows, and enabling smarter environments. June 9 | 9 AM PT : Register: events.teams.microsoft.com/e… #HirschSecure #OpenSecurity

We found vulnerabilities in a widely used open source library. Multiple CVEs. So is open source the problem? Not really. It’s the human factor. Kaspersky’s Dmitry Shmoylov explains. #cybersecurity #opensecurity

Vigil v1.1 — The Security Agency That Never Sleeps Massive update just dropped. Here's everything that shipped today. ——— VIGIL BRAIN ——— We gave Vigil a brain. Not a wrapper around an LLM — an actual embedded security knowledge base with 356 pre-built entries that answers instantly without calling any AI provider. What's inside: • 85 MITRE ATT&CK techniques across all 14 tactics — with real CVEs, detection methods, and mitigations • 10 OWASP Top 10 Web risks with CWE mappings and exploitation details • 10 OWASP LLM Top 10 MITRE ATLAS for AI/ML security • 48 NIST controls (CSF 2.0 800-53 Rev 5) • 40 CompTIA Security domains covering the full SY0-701 exam scope • 89 port-to-service mappings with known vulnerabilities (port 21 through 50000) • 30 cross-framework compliance mappings (PCI DSS 4.0, HIPAA, SOC 2, ISO 27001, CIS v8) • 17 CVE vulnerability patterns (SQLi, XSS, SSRF, deserialization, buffer overflow...) • 27 remediation templates with language-specific fixes for Node.js, Python, Java, Go, PHP Ask "What is T1059?" — instant answer. "Port 445?" — instant. "CWE-89?" — instant. No LLM call needed. Under 1ms. When you DO ask something that needs reasoning, the Brain enriches the prompt with your profile context, section awareness, recalled memories, relevant KB entries, and suggested actions — then sends it to your AI provider with full context. The Brain also remembers. It extracts IPs, domains, CVEs, and preferences from your conversations and recalls them in future sessions. It builds a security profile of your infrastructure — cloud providers, compliance frameworks, threat model, crown jewels — and tailors every response to your environment. ——— FLOATING BRAIN CHATBOX ——— New draggable floating panel — the orange shield button in the bottom right. Grab it and drag it any where on screen. Click it to open a quick-question panel that's section-aware. Navigate to Port Scanner and the panel suggests "What ports should I check?" Navigate to Compliance and it suggests "How do I prepare for a SOC 2 audit?" Keyboard shortcut: Ctrl Shift B. The Brain is wired into the existing AI Terminal and AI Chat — not a separate page. Every AI call through Vigil now goes through the Brain first. ——— FLOWS ——— DAG-based workflow automation is live. Build security pipelines by chaining nodes together: • Node types: start, end, LLM, agent, tool, condition, loop, HTTP, delay, human input, notify • 4 built-in templates: Recon Pipeline, Compliance Check, Incident Response, Vulnerability Triage • Visual flow editor with drag-drop node placement and edge drawing • Conditional branching with state evaluation • Real-time execution progress via Socket.IO • PostgreSQL persistence with versioning Think "scan target → check vulns → if critical → alert Slack → create ticket" — fully automated. ——— AGENT EDITOR 28 SECURITY AGENTS ——— Full agent system with create, edit, and custom system prompts. 4 categories, 28 built-in agents: Scanners (7): Port Scanner, Subdomain Enumerator, HTTP Header Auditor, XSS Scanner, SQL Injection Detector, TLS Analyzer, Prompt Injection Tester Analyzers (6): AWS Security Auditor, IAM Policy Analyzer, PCI DSS Checker, HIPAA Compliance Checker, Data Classifier, AI Threat Analyst Defenders (4): Incident Playbook Generator, Firewall Rule Auditor, Malware Behavior Analyzer, Patch Reviewer Hunters (9): Log Threat Hunter, Network Anomaly Detector, Memory Forensics, Disk Forensics, Adversarial Analyst, Exploit Validator, Attack Path Mapper, Red Team Planner, Autonomous Pentester The Autonomous Pentester runs a P-E-R (Planner-Executor-Reflector) cycle with dual causal graph reasoning. The Adversarial Analyst uses the MUST-GATE framework. Not toy agents — these have serious methodology behind them. Every agent supports per-agent AI provider selection. Run your hunters on local Ollama, your analyzers on Claude API. Your choice. ——— SMART PROVIDER ROUTING ——— Multi-provider AI with intelligent routing: • Providers: Claude API, Claude CLI, Codex CLI, Ollama (local) • Strategies: balanced, premium, speed, economy • Route-based assignment: scans → Ollama, analysis → Claude API, hunts → Ollama • Per-agent and per-flow provider pinning • Automatic fallback chains ——— OLLAMA KALI AIR-GAPPED ——— Full Docker stack: Vigil PostgreSQL Ollama. Default model: qwen3:8b. Runs entirely local. Zero data leaves your machine. Works on Kali Linux. Works air-gapped. Works on a laptop in a SCIF. Docker Compose up and you have a complete security operations platform with AI in under 5 minutes. The security bridge container runs nmap, nuclei, nikto, sqlmap, gobuster, subfinder, httpx, whois, dnsrecon, hydra, and dirb — all sandboxed with input validation and 50MB buffer limits. ——— WHAT ELSE SHIPPED ——— • Glass card visibility fix — surfaces bumped from 65% to 92% opacity, borders and text brightened across the board • 2FA hardened — TOTP with challenge-token flow, inline forms replacing window.prompt • Auth hardening — bootstrap passwords, RBAC enforcement • Claude CLI in Docker — entrypoint fixes, credential mounting from host • Express 5.2.1 upgrade • 40 sidebar sections all wired to Brain context ——— WHAT'S NEXT ——— Vigil is open source. Self-hosted. Your data stays on your infrastructure. 28 agents pre-built. 356 knowledge base entries. 89 port mappings. 122 MITRE techniques. 160 CWE mappings. 30 compliance cross-references. Instant answers. The security agency that never sleeps. github.com/vigil-agency/vigi… #cybersecurity #infosec #opensecurity #MITREATTACK #OWASP #pentesting #threatintel #selfhosted #ollama #kalilinux #secops #redteam #blueteam #purpleteam

Wazuh and Moderna-IT Announce Partnership. Read more: ow.ly/F0N050YslO5 #CyberSecurity #OpenSecurity #InformationSecurity

MobSf with vulnbank.org mobile apk since I am on windows so I use wsl terminal i.e I run on ubuntu terminal... there is a need for me to install Docker app itself (no need to sign in, just keep it running ) then you type this in your terminal to start it "docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf"

How privacy-focused is Lnqk.Me? So focused that the Mobile Security Framework (pnqk.me/kp877g) OpenSecurity report gave our apps an A rating & ranked them lowest possible privacy risk factor – zero!

𝗢𝗪𝗔𝗦𝗣 𝗧𝗼𝗽 𝟭𝟬 𝗳𝗼𝗿 𝗠𝗼𝗱𝗲𝗹 𝗖𝗼𝗻𝘁𝗲𝘅𝘁 𝗣𝗿𝗼𝘁𝗼𝗰𝗼𝗹 (𝘃𝟬.𝟭). 𝗟𝗶𝗻𝗸𝘀:- lnkd.in/g4a45JBu Github- lnkd.in/gyJYDY55 📍 @OWASP #AISecurity #MCPSecurity #AgenticAI #OWASPMCPTop10 #AppSec #OpenSecurity #SecurityResearch #CommunityDriven

Finally... #TROPIC01 is happily placed on the circuit board of the 𝗧𝗿𝗲𝘇𝗼𝗿 𝗦𝗮𝗳𝗲 𝟳 hardware wallet. The latest flagship hardware wallet from @Trezor. It is the first open security element deployed in a globally available consumer device, created for those who believe that true trust can only be achieved when you can verify what's inside. As our CEO @jan_pleskac said: "𝘞𝘩𝘢𝘵 𝘸𝘦 𝘩𝘢𝘷𝘦 𝘢𝘤𝘩𝘪𝘦𝘷𝘦𝘥 𝘸𝘪𝘵𝘩 𝘛𝘳𝘦𝘻𝘰𝘳 𝘪𝘴 𝘮𝘰𝘳𝘦 𝘵𝘩𝘢𝘯 𝘫𝘶𝘴𝘵 𝘢 𝘱𝘳𝘰𝘥𝘶𝘤𝘵 𝘮𝘪𝘭𝘦𝘴𝘵𝘰𝘯𝘦, 𝘪𝘵 𝘪𝘴 𝘢 𝘴𝘪𝘨𝘯𝘢𝘭 𝘵𝘰 𝘵𝘩𝘦 𝘦𝘯𝘵𝘪𝘳𝘦 𝘩𝘢𝘳𝘥𝘸𝘢𝘳𝘦 𝘪𝘯𝘥𝘶𝘴𝘵𝘳𝘺." Are you interested in joining more than 300 attendees and thousands online who already know this, and see what exactly 𝗧𝗥𝗢𝗣𝗜𝗖𝟬𝟭 does in 𝗧𝗿𝗲𝘇𝗼𝗿 𝗦𝗮𝗳𝗲 𝟳? Check out our new case study page at tropicsquare.com/application… #TROPIC01 #TrezorSafe7 #SatoshiLabs #OpenSecurity #Transparency #SecureHardware #CryptoSecurity #trezor #TS7 #tropicsquare #secureelement

Tropic Square is heading to @ORSHIN_HE Summer School 2025 in Crete from 7–10 September. It’s the perfect gathering spot for cybersecurity geeks and open-source advocates. Since we love discussing, analyzing, and dissecting security and open-source topics, we’re excited to connect with industry professionals, researchers, innovators, and students there. Catch @jan_pleskac speaking on “Application of ORSHIN research results in an industry context” and @jerabek_s on “Secure Channel Implementation”, along with a live demo of #TROPIC01, our secure element. We look forward to meaningful discussions and sharing ideas with the vibrant ORSHIN community. With @KU_Leuven , @EURECOM, @Texplained_RE , @TechnikonAT, @SecPattern and @NXP summer-school.info/ #TROPIC01 #IoT #Cybersecurity #OpenSecurity

When people show up on their own time to dig into your code, challenge assumptions, and imagine new use cases for your fresh production chip – you don’t take that for granted. 🙏 We hosted our first Open Security Community meetup. Honest conversations, tough questions, hands-on feedback. 🛠️ Huge thanks to @LabOctopus ,@AgamaPoint for hosting in their killer HW Lab 🧪- and for being among the first names in our upcoming Contributor Hall of Fame, recognizing those who help shape the future of open security. More to come.... #opensecurity #community #opensourcehardware #embeddedsecurity #TROPIC01

Wow! Big thanks and shout out to the @ContentWiseInfo team! This is what real open source looks like: multiple eyes, different minds, and real use cases. Open source is only open when it's shared, tested and improved together. It's about sharing it openly with people who can challenge it. Note what we have overlooked. Contribute to what we have not considered. That's why we're pleased to see growing community interest in libtropic, our core library powering #TROPIC01. More contributors = stronger code. More eyes = better security. Feel free to report bugs, vulnerabilities, file issues or even better - give us a STAR! We invite you to contribute as well! Our GitHub discussions are always open. github.com/orgs/tropicsquare… #TROPIC01 #libtropic #OpenHardware #OpenSecurity #Auditability #OpenWRT #ContentWise #TrustInSilicon

Our crew is now live at @BTCPrague 2025, Europe’s biggest Bitcoin event, and we’re sparking buzz with our serious innovation momentum! Catch our #TROPIC01 live demo and see how open, auditable hardware is redefining Bitcoin security. Swing by Booth 1 and meet the team in action! Let's talk - building freedom tech and tearing down the walls of security by obscurity. Don’t miss the keynote by our CEO @jan_pleskac on the main stage (Friday, June 20 at 17:00) He’ll share how open, auditable chips like #TROPIC01 are supporting the Bitcoin industry and enabling a decentralized future. More details here: tropicsquare.com/news-and-ev… #BTCPrague2025 #TROPIC01 #OpenSecurity #BitcoinHardware #SecureChips #Auditability #NoNDAs #BitcoinDesign #HardwareYouCanTrust

Visit us at BTC Prague 2025 from June 19–21 and get hands-on with #TROPIC01, the world’s first auditable and transparent chip — built to challenge the black-box status quo in crypto hardware. Real demos. No obscurity. No backdoors. We’re bringing verifiable trust to the center of crypto’s biggest conversation. Let’s talk open hardware, and how to finally verify what you run. More details here: tropicsquare.com/news-and-ev… #BTCPrague2025 #TROPIC01 #CryptoHardware #OpenSecurity #SecureElements #DecentralizedSecurity #DontTrustVerify

Admit You Don’t Know Everything… When you're building something radically new — like #TROPIC01, our open #secureelement — you have to listen more than you talk.👂✨ Last week we had a live, full day session with a few of our first customers. We dived deep into how and why they integrated TROPIC01 into their #decentralized industrial #IoT and physical access control systems. No slides. No NDAs. Just raw, valuable feedback. 💬🔍 We explored: 💡 What real-world use cases our open design already enables 🔗 Where TROPIC01 fits today—and where it doesn’t 🛠️ What hardware/software improvements the community wants next What stood out? Open security thrives when egos and friction are set aside in favor of peer-reviewed collaboration. There’s power in publishing your specs and letting your users challenge them. TROPIC01 is already creating traction where closed-chip incumbents can’t or won’t go. If you're tired of the black-box status quo, this is your call to engage. We’re not here to dominate an existing market. We’re here to create a secure new one. Together.🤝 Visit our website to learn more: tropicsquare.com Thank you: @RDDLNetwork @juergeneckel @tomfuerstner @jan_pleskac Maxim Kostin @vit_masek Zapeca Jan @ContentWiseInfo @MiroSvetlik @krystof_jelinek #OpenSecurity #SecureElements #HardwareDesign #TROPIC01 #OpenSourceHardware #accessmanagement #DePin #IoT #Securehardware #Auditability

Check out highlights from the Cybersecurity Interoperability Village, hosted by #OCA! Cybersecurity vendors, government agencies, and industry experts came together to explore the future of #cybersecurity automation. Watch the videos: youtube.com/playlist?list=PL… #CASP #opensecurity

Visit us at Embedded World 2025 for live and exclusive TROPIC01 showcases. Demos from our partners will showcase how device manufacturers can implement transparent and auditable security in their embedded hardware. We’re happy to announce @Trezor, @ContentWiseInfo, and @RDDLNetwork will be joining us at our booth 5-373 to give insight on their open approach to designing secure devices with TROPIC01. Learn more about our Embedded World program here: bit.ly/tropicew25 #OpenHardware #OpenSecurity #TROPIC01 #DontTrustVerify #EmbeddedHardware

OCA is proud to be a member of the @NonprofitCyber coalition, celebrating its third anniversary of strengthening cybersecurity together! nonprofitcyber.org/for-its-t… #OCA #opensource #opensecurity #cybersecurity #NonProfitCyber

The 2025 State of #Security and #Identity Report is here. 🔎 Read the press release. 👉 hid.link/JjA Read the full report. 👉 hid.link/Jjd #AI #Sustainability #Mobile #Biometrics #DigitalTransformation #SecuritySolutions #OpenSecurity

We’ve just launched something impactful for the cybersecurity community! 🌍 After years of deep research, we’re proud to introduce the first Public Internet Attack Surface Dashboard—now freely available to all. See What's Inside: research.redhuntlabs.com We’ve compiled real-time internet-wide risk insights, blending exposure trends, secret leaks, and actionable data into a single easy-to-use platform. Here's a sneak peek: ✅ 360º Attack Surface Trends – Track subdomains, IPs, cloud assets, GitHub repos & more ✅ Secrets Exposure Insights – Discover leaks of credentials, API keys & sensitive data ✅ Live Exposure Feed – View real-time updates on secret leaks (responsibly redacted) ✅ Open Research Datasets – Download security datasets on tech stacks, HTTP headers, and more ✅ Internet-Wide Research Studies – Access all Project Resonance waves in one centralized place We’d love to hear your thoughts—drop a comment or DM us! 🚀 @upgoingstar @Sudhanshu_C @devangsolankii @aggkunal #Cybersecurity #AttackSurface #Infosec #ASM #EASM #ResearchDashboard #SecurityInsights #DataDrivenSecurity #ThreatIntelligence #OpenSecurity #OpenSource #RedHuntLabs