Ultralytics publishes malicious PyPI packages
The Ultralytics PyPI package was compromised today via a sneaky attack leveraging GitHub pull requests. Two consecutive versions of the Ultralytics PyPI package were compromised and...
Repo swatting attack deletes GitHub and GitLab accounts
I've spent the last year researching the trust and safety mechanisms in SCM platforms like GitHub, GitLab, and Gitea. These platforms are important in the ecosystem, as GitHub and GitLab together...
Are private bug bounty programs a good idea?
Bug bounty programs have emerged over the last 5 years as a vital tool for identifying and mitigating vulnerabilities. Many enterprises have accepted the value of having bug bounty programs in...
Real talk about “memory-safe” languages.
You might have recently heard people talking about "memory-safe" languages and how we all need to start using them. There is a loud contingent of people on LinkedIn and Twitter advocating that we...
Gitloker software supply chain attack targets GitHub users
A new software supply chain attack is affecting GitHub users. The new threat, “Gitloker”, targets GitHub users' repositories with a simple but effective attack: deleting everything they have access...
What is the offensive security “Holy Trinity”?
What is offensive security? In today's complex cybersecurity landscape, organizations use a variety of techniques to fortify their defenses and use proactive measures to ensure the integrity of...
Project Discovery Hardly, Strictly Security Conference
I will be presenting at Project Discovery's inaugural "Hardly, Strictly Security Conference" April 25th. What is the "Hardly, Strictly Security Conference"? Hardly, Strictly Security (HSS) is the only...
“Managed DevSecOps” helps your development teams deliver software faster with fewer bugs
What is DevSecOps and why is it important for my company? DevSecOps is the combination of development, security and operations in relation to application delivery. It involves integrating security...
How can CI/CD help my team?
First, what does "CI/CD" stand for? CI/CD is an acronym used to refer to two separate and distinct parts of the software development lifecycle (SDLC), which are often discussed as one. Continuous...
The Growing Threat of Software Supply Chain Attacks
As more and more companies rely on third-party software components to build their applications, the risk of software supply chain attacks continues to grow...