#devsecops

OWASP Foundation<p>Sharpen your skills with 2-Day Training Sessions at OWASP Global AppSec USA 2025.</p><p>Built for security professionals who want to go deeper than theory and walk away with tools they can put into practice.</p><p>🛡 Whiteboard Hacking – Hands-on Threat Modeling led by top experts<br>🤖 Attacking AI with Jason Haddix – Learn to probe, break, and understand AI systems from the offensive side</p><p>🔗 <a href="https://owasp.glueup.com/event/131624/register/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">owasp.glueup.com/event/131624/</span><span class="invisible">register/</span></a></p><p><a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatModeling</span></a> <a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AISecurity</span></a> <a href="https://infosec.exchange/tags/WashingtonDC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WashingtonDC</span></a></p>
anchore<p>Find license landmines before they find you. Grant 0.3.0 flags "no-license" by default + turns policy into plain English. Faster, stricter, simpler.</p><p>🔗 <a href="https://anchore.com/blog/grants-release-0-3-0-smarter-policies-faster-scans-and-simpler-compliance/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">anchore.com/blog/grants-releas</span><span class="invisible">e-0-3-0-smarter-policies-faster-scans-and-simpler-compliance/</span></a></p><p><a href="https://mstdn.business/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://mstdn.business/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://mstdn.business/tags/Compliance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Compliance</span></a> <a href="https://mstdn.business/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a></p>
The Linux Foundation<p>📣 Fresh drops for THRIVE-ONE Annual subs!<br>From securing AI/ML pipelines to smarter agents + better observability—this month’s microlearning content is stacked:</p><p>✅ DevSecOps for AI/ML<br>✅ Prometheus Labels guide<br>✅ MCP for AI agents<br>✅ Build agentic AI apps w/ Docker + CrewAI<br>✅ AI model integrity w/ OMS</p><p>Full access + 40% cert bundle savings 👉 training.linuxfoundation.org/subscriptions</p><p><a href="https://social.lfx.dev/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://social.lfx.dev/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://social.lfx.dev/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://social.lfx.dev/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kubernetes</span></a> <a href="https://social.lfx.dev/tags/SRE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SRE</span></a></p>
OWASP Foundation<p>🚨 Only have one day to train? Make it count!</p><p>Join us at OWASP Global AppSec US 2025 in Washington, D.C. for a full day of expert-led, hands-on Application Security training.</p><p>Pick from a curated lineup of 1-day courses designed to sharpen your skills in critical areas.</p><p><a href="https://owasp.glueup.com/event/131624/register/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">owasp.glueup.com/event/131624/</span><span class="invisible">register/</span></a></p><p><a href="https://infosec.exchange/tags/OWASP2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OWASP2025</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/InfosecTraining" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfosecTraining</span></a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatModeling</span></a> <a href="https://infosec.exchange/tags/PrivacySecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrivacySecurity</span></a> <a href="https://infosec.exchange/tags/WashingtonDC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WashingtonDC</span></a> <a href="https://infosec.exchange/tags/SecurityTraining" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityTraining</span></a></p>
ZAST AI<p>[Sneak Peek] Progress Update<br>🎯 Zast.ai now can find 0-day in Python code with ZERO false positives - verified with a working PoC.</p><p>🐍 Python - IN BETA, full release coming soon!</p><p>✅ JavaScript - Production ready</p><p>✅ Java - Production ready</p><p>Support for more languages is on the way, stay tuned for the official launch!</p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://infosec.exchange/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://infosec.exchange/tags/ZAST" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZAST</span></a></p>
ActiveState<p>CVSS ≠ priority. For Python, focus on:<br>- Exploitability in your env/runtime<br>- Transitive blast radius<br>- Service criticality<br>- Breaking-change risk</p><p>Pragmatic workflow + checklist: <a href="https://www.activestate.com/blog/prioritizing-python-vulnerabilities-2/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">activestate.com/blog/prioritiz</span><span class="invisible">ing-python-vulnerabilities-2/</span></a> </p><p><a href="https://mastodon.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://mastodon.social/tags/OpenSourceSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSourceSecurity</span></a> <a href="https://mastodon.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://mastodon.social/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://mastodon.social/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSec</span></a></p>
anchore<p>The <span class="h-card" translate="no"><a href="https://fosstodon.org/@syft" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>syft</span></a></span> &amp; <span class="h-card" translate="no"><a href="https://fosstodon.org/@grype" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>grype</span></a></span> projects combined have hit 40 million downloads!</p><p>A massive thank you to the open source community for trusting us to secure their software supply chains.</p><p><a href="https://mstdn.business/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://mstdn.business/tags/SBOM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBOM</span></a> <a href="https://mstdn.business/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a><br><a href="https://anchore.com/opensource" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">anchore.com/opensource</span><span class="invisible"></span></a></p>
Sam Stepanyan :verified: 🐘<p><a href="https://infosec.exchange/tags/ArgoCD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ArgoCD</span></a>: Max severity Argo CD API <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> CVE-2025-55190 leaks repository credentials:<br><a href="https://infosec.exchange/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevOps</span></a> <br><a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a><br><a href="https://infosec.exchange/tags/SoftwareSupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SoftwareSupplyChainSecurity</span></a></p><p><a href="https://www.bleepingcomputer.com/news/security/max-severity-argo-cd-api-flaw-leaks-repository-credentials/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/max-severity-argo-cd-api-flaw-leaks-repository-credentials/</span></a></p>
Pyrzout :vm:<p>How to Close the AI Governance Gap in Software Development <a href="https://www.securityweek.com/how-to-close-the-ai-governance-gap-in-software-development/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/how-to-close-</span><span class="invisible">the-ai-governance-gap-in-software-development/</span></a> <a href="https://social.skynetcloud.site/tags/ArtificialIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ArtificialIntelligence</span></a> <a href="https://social.skynetcloud.site/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://social.skynetcloud.site/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Software</span></a> <a href="https://social.skynetcloud.site/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a></p>
OWASP Foundation<p>📈 Level Up Your AppSec Skills with Our 3-Day Trainings at OWASP 2025 Global AppSec USA this November in Washington, DC!</p><p>📍 Adam Shostack: Threat Modeling Intensive with AI</p><p>📍 Jim Manico: AppSec and AI Security for Developers</p><p>📍 Abhay Bhargav: Attacking and Defending AWS, Azure &amp; GCP Applications</p><p>📍 Dawid Czagan: Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access</p><p><a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OWASP</span></a> <a href="https://infosec.exchange/tags/AppSecUSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSecUSA</span></a> <a href="https://infosec.exchange/tags/Cybersec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersec</span></a> <a href="https://infosec.exchange/tags/GlobalAppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GlobalAppSec</span></a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatModeling</span></a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenTesting</span></a> <a href="https://infosec.exchange/tags/WashingtonDC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WashingtonDC</span></a></p>
FastRuby.io<p><a href="https://ruby.social/tags/Ruby" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ruby</span></a> 3.0 has not been getting security patches since April 1st, 2024. Is your application running Ruby 3.0 in production? Have you made any plans to upgrade? Let's talk! We can get you from Ruby 1.9 to 3.3 and beyond! <a href="https://www.fastruby.io/monthly-ruby-maintenance" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">fastruby.io/monthly-ruby-maint</span><span class="invisible">enance</span></a> 🚀</p><p><a href="https://ruby.social/tags/TechDebt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechDebt</span></a> <a href="https://ruby.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://ruby.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a></p>
UpgradeJS.com<p>Vue 2 reached End of Life (EOL) on December 31st, 2023. Are you still running <a href="https://mastodon.online/tags/Vue2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vue2</span></a> in production? </p><p>Check out our article on upgrading to <a href="https://mastodon.online/tags/Vue3" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vue3</span></a>: 10 Steps to Migrate from Vue 2 to Vue 3 👉 <a href="https://go.upgradejs.com/pmq" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">go.upgradejs.com/pmq</span><span class="invisible"></span></a> </p><p><a href="https://mastodon.online/tags/VueJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VueJS</span></a> <a href="https://mastodon.online/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a> <a href="https://mastodon.online/tags/TechDebt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechDebt</span></a> <a href="https://mastodon.online/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://mastodon.online/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a></p>
Netzpalaver<p>8 malicious open-source packages targeting Windows Chrome user data</p><p>JFrog has announced the discovery of eight malicious packages published on npm, one of the world's largest repositories of open-source JavaScript components.<br>The packages, including react-sxt (version 2.4.1), react-typex (version 0.1.0) and react-native-control (version 2.4.1), were uploaded by malicious npm users. They contained sophisticated multi-layer obfuscation with more than 70 layers of hidden code, which allowed attackers to execute malicious payloads on developer machines without user interaction.</p><p><a href="https://social.tchncs.de/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.tchncs.de/tags/Cybersicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersicherheit</span></a> <a href="https://social.tchncs.de/tags/Datendiebstahl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Datendiebstahl</span></a> <a href="https://social.tchncs.de/tags/Datenexfiltration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Datenexfiltration</span></a> <a href="https://social.tchncs.de/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://social.tchncs.de/tags/Entwickler" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Entwickler</span></a> <a href="https://social.tchncs.de/tags/Javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Javascript</span></a> <a href="https://social.tchncs.de/tags/JFrog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JFrog</span></a> <a href="https://social.tchncs.de/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NPM</span></a> <a href="https://social.tchncs.de/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://social.tchncs.de/tags/Repository" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Repository</span></a></p><p><a href="https://netzpalaver.de/2025/09/01/8-boesartige-open-source-pakete-die-auf-windows-chrome-benutzerdaten-abzielen" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">netzpalaver.de/2025/09/01/8-bo</span><span class="invisible">esartige-open-source-pakete-die-auf-windows-chrome-benutzerdaten-abzielen</span></a></p>
Netzpalaver<p>8 malicious open-source packages targeting Windows Chrome user data</p><p><a href="https://social.tchncs.de/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.tchncs.de/tags/Cybersicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersicherheit</span></a> <a href="https://social.tchncs.de/tags/Datendiebstahl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Datendiebstahl</span></a> <a href="https://social.tchncs.de/tags/Datenexfiltration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Datenexfiltration</span></a> <a href="https://social.tchncs.de/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://social.tchncs.de/tags/Entwickler" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Entwickler</span></a> <a href="https://social.tchncs.de/tags/Javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Javascript</span></a> @JFrog <a href="https://social.tchncs.de/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NPM</span></a> <a href="https://social.tchncs.de/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://social.tchncs.de/tags/Repository" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Repository</span></a></p><p><a href="https://netzpalaver.de/2025/09/01/8-boesartige-open-source-pakete-die-auf-windows-chrome-benutzerdaten-abzielen/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">netzpalaver.de/2025/09/01/8-bo</span><span class="invisible">esartige-open-source-pakete-die-auf-windows-chrome-benutzerdaten-abzielen/</span></a></p>

CISA warns of active exploits targeting a Git flaw (CVE-2025-48384) enabling arbitrary code execution via malicious submodules 🧠
Git mishandles \r in config files—attackers can hijack machines when users clone tainted repos ⚠️
Patch deadline for U.S. agencies: Sept 15 ⏳
Fixes available in Git 2.43.7+ 🔧

Also added: Citrix Session Recording RCE & privilege escalation bugs 🖥️

bleepingcomputer.com/news/secu