#devSecOps
Screenshot of BaseFortify CVE report page showing CVE-2025-15036 details, including description of path traversal in archive extraction and a CVSS score of 9.6.


Technical details:

• CWE-29: Path Traversal
• Unsafe tar.gz extraction
• No validation of file paths
• Allows overwrite outside target dir

Impact: File overwrite → privilege escalation

#Vulnerability #InfoSec #CWE29 #DevSecOps

1 0 1 0
SPARK Matrix™: DevSecOps Services, Q4, 2025
QKS Group's DevSecOps Services market research includes a comprehensive analysis of the global marke...

SPARK Matrix Insights: Leaders in the DevSecOps Services Market
qksgroup.com/market-resea...
#DevSecOps
#SecureSoftware
#CI_CD

0 0 0 0

Tired of compliance being a roadblock? Join us on Sept... #FedRAMP, #PCIDSS, #HIPAA, #SOC2 events.chainguard.dev/02c6031d-d65b-417d-b62d-...

#DevSecOps #Cybersecurity #SupplyChainSecurity

0 0 0 0

Before you install that ClawHub skill - have you scanned it?

PotatoLens BO scans OpenClaw skills for vulnerabilities AND malicious code. Free, instant, no signup.

Try it: potatolensai.com

#OpenClaw #PotatoSecurity #DevSecOps

0 0 0 0

AI making your software less secure? Brace yourselves. Our latest article reveals AI models tasked with dependency decisions are...

#CyberSecurity #BreachAndBuild #AISecurity #SoftwareSupplyChain #DevSecOps

breachandbuild.com/ai-powered-dependency-de...

1 0 0 0


Ingesting thousands of third-party SBOMs is great…until you actually need to find one during an audit. 🔍 Anchore 5.25 adds advanced filters (Name, Version, Type) so your security teams can instantly pinpoint the exact assets th...
https://anchore.com/blog/anchore-enterprise-5-25/

#DevSecOps #SBOM

1 0 0 0

Performance isn’t just speed.

It’s consistency.

Fast sometimes, slow sometimes = unreliable system.

#DevSecOps #buildinpublic #100DaysOfCode

5 1 0 0

Critical vulnerability CVE-2026-33634 in Aqua Security's Trivy scanner threatens CI/CD pipelines. Immediate action required to secure development environments. #CyberSecurity #DevSecOps #CVE202633634 Link: thedailytechfeed.com/aqua-securit...

1 0 0 0

🛡️ Codex Security: Your AI agent for hunting and patching vulnerabilities

openai.com/index/codex-security-now...

#Ciberseguridad #IA #DevSecOps #OpenAI

1 0 0 0

When Easy Means Unsafe #devops #devsecops #sre #platformengineering #aiagents #potatosecurity #clown

This is a clip from our recent Ship It Weekly Podcast episode.
Visit https://shipitweekly.fm or link in bio to listen to the full episode!

2 0 0 0

🔐 Betterleaks: The new secrets hunter for the age of AI agents

thenewstack.io/betterleaks-open-source-...

#Seguridad #OpenSource #DevSecOps #Ciberseguridad

3 0 0 0
Opt-out only: GitHub will train Copilot models on user data in future
Prompts, code suggestions and comments: GitHub will in future collect data from AI interactions for its own model training. Users can object via opt-out.

⚠️ Copilot as a data leak?

GitHub will soon train AI on user data: heise.de/-11225588

If code from critical healthcare environments ends up in third-party models, a massive security problem looms. Update your policies for external developers! 🔒

#DevSecOps #KI

1 0 0 0

Most automation tools break when you need them most.

Developer, @ChiefGyk3D, rebuilt his stack from scratch with open source tools and a better way to handle secrets.

No SaaS. No hardcoded creds. Just automation that works.

👉 zurl.co/OQz8H

#Doppler #SecretsManagement #DevOps #DevSecOps

2 0 1 0

⚠️ The secret weapon in your supply chain: they attack with your own tool

thenewstack.io/teampcp-trivy-supply-cha...

#Seguridad #OpenSource #SupplyChainAttack #DevSecOps

1 0 0 0
New Ghost Campaign Uses Fake npm Progress Bars to Phish Sudo Passwords
New Ghost campaign is using fake npm install logs and progress bars to phish for sudo passwords and steal crypto wallets from developers.

A new Ghost campaign is targeting developers with fake #npm progress bars that trick users into entering sudo passwords, leading to malware installs and crypto wallet theft.

Read: hackread.com/ghost-campai...

#CyberSecurity #npm #Phishing #Malware #DevSecOps

1 1 0 0
Mutable tags. 10,000 pipelines. One credential. — What the Trivy attack taught me about implicit trust
A few days ago I was designing a GitHub Actions pipeline with security scanning tools. Choosing what...

✍️ New blog post by Gerardo Castro Arica

Mutable tags. 10,000 pipelines. One credential. — What the Trivy attack taught me about implicit trust

#ai #security #devsecops #aws

0 0 0 0

A good system handles success.
A great system handles failure.

Design for both.

#DevSecOps #buildinpublic #100DaysOfCode

10 1 1 0
PyPI Removes Compromised LiteLLM Releases After Warnings of Stolen Credentials -- Pure AI
Malicious versions of the widely used Python package LiteLLM were briefly published to the Python Package Index (PyPI), prompting warnings from PyPI, security researchers, and the package's maintainer that users should assume credentials exposed to affected environments may have been compromised.

Compromised LiteLLM packages on Python Package Index exposed credentials and showed how supply chain attacks can impact cloud, CI/CD and developer environments.

See what this breach reveals about supply chain risk: https://ow.ly/1vYY50YzrER

#Cybersecurity #OpenSource #DevSecOps

1 0 0 0

Security automation reduces friction and prevents last-minute delays.

#DevSecOps #Automation #Security #Delivery #MSP

0 0 0 0

🤖 Goodbye to false positives in code security

openai.com/index/why-codex-security...

#SeguridadApp #IA #DevSecOps #OpenAI

0 0 0 0
Veracode
Veracode’s powerful cloud-based platform, deep security expertise, and systematic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.

The latest update for #Veracode includes "Prioritize, Protect, Prove: A Roadmap for Application Security Transformation" and "Spring 2026 #GenAI Code Security Update: Despite Claims, AI Models Are Still Failing Security".

#cybersecurity #softwaresecurity #DevSecOps https://opsmtrs.com/3eO6tf7

0 0 0 0

🤖 Sysdig launches a runtime to protect your AI coding agents

devops.com/sysdig-adds-runtime-to-s...

#DevSecOps #IA #Seguridad #Sysdig

1 0 0 0
Sysdig Adds Runtime to Secure AI Coding Agents
Sysdig this week at the RSA Conference (RSAC) revealed it has created a runtime that makes it possible to securely deploy artificial intelligence (AI)...

#AI #Blogs #DevSecOps #Features #Social #- #Facebook #Social […]

[Original post on devops.com]

0 0 0 0

aws well arch ug london meetup #awswaugldn #devsecops

0 0 0 0

🛡️ Minimus: Hardened security for open-source containers

thenewstack.io/minimus-open-source-cont...

#SeguridadContenedores #OpenSource #DevSecOps #Minimus

2 0 0 0

🛡️ The secure future of GitHub Actions: 2026 roadmap

github.blog/news-insights/product-ne...

#GitHub #DevSecOps #Seguridad #CICD

0 0 0 0

Ruby 3.3 enters security maintenance phase today until end of March 2027. Ruby 3.2 reaches EOL in 5 days.

Are you all caught up with your Ruby upgrades? If not, get in touch so we can help! 🚀

#Ruby #DevSecOps #RubyLang #EOL

2 2 0 0
NetRise Launches NetRise launches Provenance, a new software supply chain security product that identifies risks associated with the individual contributors and organizations behind open-source components.

NetRise launches 'Provenance' at #RSAC2026, a new tool to vet the individual contributors behind open-source projects. It moves beyond SBOMs to identify human-centric risk in the software supply chain. 👨‍💻 #SupplyChainSecurity #OpenSource #DevSecOps

1 0 0 0

Our automation specialists integrate DevSecOps, solution architecture, system analysis & governance—enabling secure, scalable innovation.

itpeoplenetwork.com/devsecops-au...

#DevSecOps #Automation #DigitalTransformation #SecureDevelopment

0 0 0 0