A screenshot of the SensorFu Honeytoken app settings page showing toggles for cloud provider alerts. AWS and GCP are enabled, while Microsoft Azure and Microsoft Services are muted.

New in the SensorFu Honeytoken app: automatic IP allowlisting for AWS, Google Cloud, Azure, and other Microsoft services. 🌐

Honeytokens are fake secrets meant to attract hackers like bees to honey – basically digital tripwires to catch someone snooping around.

Set up your own at badrap.io.

GitHub - npmx-dev/npmx.dev: a fast, modern browser for the npm registry a fast, modern browser for the npm registry. Contribute to npmx-dev/npmx.dev development by creating an account on GitHub.

The community @npmx.dev has cultivated in such a short time is extraordinary.

It turns out that in open source, much like in security, people are the strongest link in the chain.

Check out the code at repo.npmx.dev, join the Discord at chat.npmx.dev, and follow them on Bluesky at social.npmx.dev.

Announcing npmx: a fast, modern browser for the npm registry Today we're releasing the alpha of npmx.dev – a fast, modern browser for the npm registry, built in the open by a growing community.

Badrap is happy to support @npmx.dev in an advisory role.

A better developer experience can be a boon to security. Easier access to trust signals and tips for avoiding unnecessary dependencies, among other things, help make stronger supply chain choices.

Read their intro: npmx.dev/blog/alpha-r...

Pricing by "Contact Sales" is out. Public and transparent pricing is in.

We just shipped a way for anyone to plan a cybersecurity roadmap based on their actual needs and budget. No guessing, no forced sales calls.

Use the Add to Cart button on our Playbooks page to get started: badrap.io/playbooks

Kyberlahti 2026 event overview, exhibition area

Kyberlahti 2026 event overview, main stage

Our Heikki is at the wonderful #kyberlahti today - come and say hi if you're around!

Our Finnish delegation hanging around a table.

A CyberSicherheitsForum Baden-Württenberg wall.

A table reserved for our Finnish delegation.

A crowd of participants.

We're again at the wonderful Baden-Württemberg #CyberSicherheitsForum today with friends from NCSC-FI (@traficomfinland.bsky.social), SensorFu, Arctic Security (@arcticsecurity.bsky.social), SensorFleet and Semantti (@semantti.bsky.social).

Come and say hi!

Jani Kenttälä of badrap.io

If you're at the GovWare 2025 expo in Singapore this week, drop by and meet us at booth D10!

Our Jani will also be speaking on Tuesday 16:00 (Level 6, Room GW6) about lessons learned from doing supply chain cybersecurity checks for over 3000 companies at scale. Come and chat with him afterwards!

Cyber Security Made Easy Badrap playbooks help you automate cyber security tasks with ease. Step-by-step best practices boost your online security and privacy.

Your mandatory cyber routines are becoming even easier to automate and execute!

We're:
🤗 improving your user experience
🧑‍🔧 by developing new self-service features
⛳️ to the badrap.io platform and playbooks

The effort is co-funded by the European Union: badrap.io/eakr2025 #CyberSecurity #EUfunded

A crowd of Prevent'25 participants watching the show.

A dapper fellow wearing an eye-catching vest gesturing towards the camera.

badrap.io's Jani Kenttälä preparing the Prevent'25 presentation.

Great to meet 150 customers and partners at @scanabc.com's #prevent25 today - thanks to everyone for coming! Now off to Disobey (@disobeyfi.bsky.social), catch us there.

Badrap ja Remod - Tiukkaa tietoturva-asiantuntemusta jalat maassa Badrapin ja Remodin yhteistyöllä on pitkä historia ja juuret syvällä kotimaisessa kyberturvallisuusyhteisössä.

Remod wrote (in Finnish) some nice things about partnering with Badrap at remod.fi/asiakastarin... ❤️

Together, we’re tackling email security with the "Spoofproof Your Emails" playbook, helping organizations block fraud and keep communications trusted. Check it out at badrap.io/playbooks/sp...!

Don't redirect to HTTPS for API · Issue #2416 · OWASP/ASVS Your API Shouldn't Redirect HTTP to HTTPS The argument is that when a client uses 'http://api.example.org', it should fail instead of silently be insecure. I propose to add a requirement that speci...

Quite mind-boggling to learn that jviide.iki.fi/http-redirects was referenced in a proposal to amend the OWASP Application Security Verification Standard: github.com/OWASP/ASVS/i...

Huge thanks to everyone involved! Heartening to see the measured debate and the well-worded end result.

Here is a nice list of personal cyber hygiene tasks to complete. 👍

Glad to hear that our little library has been useful 🎉 io-ts is also a great option, and has definitely influenced valita and many others.

Oh no, badrap.io has been busted for speeding!

What a great idea from @strek.in 😀 Get a ticket issued for your website from speeding-ticket.vercel.app

A crossed-over recycling symbol, accompanied by the text: "Passwords are non-recyclable material."

A quick reminder for all our friends creating new Bluesky accounts:

Recycling is usually a good thing, but not for passwords. Use a unique password for each online service.

Sofri um vazamento de dados. Como devo proceder? Se você recebeu um alerta de vazamento de dados de um serviço de monitoramento como Have I Been Pwned ou Badrap.io e está se perguntando…

Let's not forget our Brazilian friends! Huge thanks to Bruno for translating this evergreen post: medium.com/badrapio/sof... #cybersecurity #infosec

I got a data breach alert. What next? You received a data breach alert from a monitoring service and are wondering what to do next? Look no further, let’s sort it out together!

Let's get this ball rolling with an oldie but goodie: medium.com/badrapio/i-g... #cybersecurity #infosec