Miguel Afonso Caetano<p>"As businesses around the world have shifted their digital infrastructure over the last decade from self-hosted servers to the cloud, they’ve benefitted from the standardized, built-in security features of major cloud providers like Microsoft. But with so much riding on these systems, there can be potentially disastrous consequences at a massive scale if something goes wrong. Case in point: Security researcher Dirk-jan Mollema recently stumbled upon a pair of vulnerabilities in Microsoft Azure’s identity and access management platform that could have been exploited for a potentially cataclysmic takeover of all Azure customer accounts.</p><p>Known as Entra ID, the system stores each Azure cloud customer’s user identities, sign-in access controls, applications, and subscription management tools. Mollema has studied Entra ID security in depth and published multiple studies about weaknesses in the system, which was formerly known as Azure Active Directory. But while preparing to present at the Black Hat security conference in Las Vegas in July, Mollema discovered two vulnerabilities that he realized could be used to gain global administrator privileges—essentially god mode—and compromise every Entra ID directory, or what is known as a “tenant.” Mollema says that this would have exposed nearly every Entra ID tenant in the world other than, perhaps, government cloud infrastructure.</p><p>“I was just staring at my screen. I was like, ‘No, this shouldn’t really happen,’” says Mollema, who runs the Dutch cybersecurity company Outsider Security and specializes in cloud security. “It was quite bad. As bad as it gets, I would say.”"</p><p><a href="https://arstechnica.com/security/2025/09/microsofts-entra-id-vulnerabilities-could-have-been-catastrophic/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2025/</span><span class="invisible">09/microsofts-entra-id-vulnerabilities-could-have-been-catastrophic/</span></a></p><p><a href="https://tldr.nettime.org/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://tldr.nettime.org/tags/Cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cloud</span></a> <a href="https://tldr.nettime.org/tags/Azure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Azure</span></a> <a href="https://tldr.nettime.org/tags/EntraID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EntraID</span></a> <a href="https://tldr.nettime.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://tldr.nettime.org/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSecurity</span></a></p>
det.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon Server des Unterhaltungsfernsehen Ehrenfeld zum dezentralen Diskurs.
Administered by:
Server stats:
1.8Kactive users
det.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.3
#cloudsecurity
6 posts · 6 participants · 0 posts today
Cyb3rk1d<p>🛠️ Best Cybersecurity Tools for Every Role — From Blue Team to Red Team 🚀</p><p>Cybersecurity isn’t one-size-fits-all. Different roles require different tools, whether you’re defending networks, hunting threats, testing applications, or managing policies. Here’s a breakdown of the most valuable tools by role — all framed for authorized, ethical use.</p><p>🔵 Blue Team (Defense & Monitoring)<br>Defenders rely on visibility and rapid detection. Tools like Splunk, ELK, and Wazuh centralize logs, while Suricata and Zeek analyze traffic in depth. Endpoint tools like CrowdStrike or Microsoft Defender ATP provide EDR, and Security Onion ties it together for SOC workflows. 📊👀</p><p>🔴 Red Team (Offense & Simulation)<br>In authorized engagements, red teams simulate adversaries to test resilience. Metasploit and Cobalt Strike (licensed) provide frameworks for controlled exploitation, while Impacket and BloodHound help map Active Directory environments. Tools like Burp Suite and OWASP ZAP uncover web flaws in safe labs. ⚡🧪</p><p>🟣 Purple Team (Collaboration)<br>Purple teams blend red & blue to improve detection. Using MITRE ATT&CK Navigator, Atomic Red Team, and Caldera, they run adversary emulations while defenders fine-tune alerts. 🤝🛡️</p><p>🔍 Threat Hunting & DFIR<br>Analysts use Volatility and Autopsy for forensics, YARA for malware hunting, and MISP or AlienVault OTX for threat intel sharing. Sandboxes like Cuckoo and platforms like Any.Run safely analyze suspicious files. ☣️🔎</p><p>☁️ Cloud & DevSecOps<br>For cloud, Wiz, Prisma Cloud, and Trivy scan for misconfigs and vulnerabilities. Developers secure pipelines with Snyk, Checkov, and GitHub Advanced Security. 🐳☁️</p><p>⚠️ Disclaimer:<br>For educational & defensive use only. Tools should only be used in labs, on your own systems, or under explicit written permission during authorized engagements. 🚫🔒</p><p><a href="https://defcon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://defcon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://defcon.social/tags/BlueTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlueTeam</span></a> <a href="https://defcon.social/tags/RedTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RedTeam</span></a> <a href="https://defcon.social/tags/PurpleTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PurpleTeam</span></a> <a href="https://defcon.social/tags/SOC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOC</span></a> <a href="https://defcon.social/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DFIR</span></a> <a href="https://defcon.social/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EthicalHacking</span></a> <a href="https://defcon.social/tags/SecurityTools" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityTools</span></a> <a href="https://defcon.social/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSecurity</span></a></p>
Thijs<p>Happy to (finally) share the proof of concept code of the vulnerability I presented at <a href="https://hsnl.social/tags/WHY2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WHY2025</span></a>. Our paper about it got accepted to IEEE S&P '26, and was awarded a $151,515 bug bounty by Google Cloud, their highest bounty so far. </p><p><a href="https://github.com/ThijsRay/l1tf_reloaded" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/ThijsRay/l1tf_reloa</span><span class="invisible">ded</span></a></p><p><a href="https://hsnl.social/tags/ieee" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ieee</span></a> <a href="https://hsnl.social/tags/sp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sp</span></a> <a href="https://hsnl.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://hsnl.social/tags/googlecloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>googlecloud</span></a> <a href="https://hsnl.social/tags/spectre" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spectre</span></a> <a href="https://hsnl.social/tags/cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloud</span></a> <a href="https://hsnl.social/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloudsecurity</span></a> <a href="https://hsnl.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://hsnl.social/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://hsnl.social/tags/vulnerabilityresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilityresearch</span></a> <a href="https://hsnl.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
Cyb3rk1d<p>☁️ Cloud Security Tools — Essential Toolkit for Modern Teams 🛡️🚀</p><p>Cloud environments introduce new risks and require specialized tooling to secure workloads, configurations, and data. Use a mix of CSP-native and third-party tools to cover posture management, runtime protection, identity, and visibility. Key categories and examples: Cloud Security Posture Management (CSPM) — Prisma Cloud, Dome9, Wiz for misconfig & compliance checks 🔍; Cloud Workload Protection (CWPP) — CrowdStrike, Trend Micro, Aqua for container and VM runtime defense 🐳🛡️; Cloud Access Security Broker (CASB) — Netskope, Microsoft Defender for Cloud Apps for SaaS visibility & data control ☁️🔐; Identity & Access Management — AWS IAM/Azure AD hardening, BeyondTrust, Okta for strong auth & least privilege 🔑; Threat Detection & SIEM — Splunk, Sumo Logic, Datadog + cloud-native logging for alerting and forensics 📊; Vulnerability & Configuration Scanning — Qualys, Tenable, Trivy for images and infra-as-code scanning ⚙️; Secrets Management — HashiCorp Vault, AWS Secrets Manager for safe key handling 🔐; and Supply-chain & CI/CD security — Snyk, Checkov, GitHub Advanced Security to catch insecure deps and pipelines 🧩.</p><p>⚠️ Disclaimer:<br>For educational & defensive use only. Evaluate tools against your cloud provider, compliance needs, and threat model before deploying. Always test changes in staging before production. 🚫🔒</p><p><a href="https://defcon.social/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSecurity</span></a> <a href="https://defcon.social/tags/CSPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CSPM</span></a> <a href="https://defcon.social/tags/CWPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CWPP</span></a> <a href="https://defcon.social/tags/IAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IAM</span></a> <a href="https://defcon.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://defcon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://defcon.social/tags/Cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cloud</span></a> <a href="https://defcon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://defcon.social/tags/SecurityTools" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityTools</span></a> <a href="https://defcon.social/tags/Compliance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Compliance</span></a> <a href="https://defcon.social/tags/ContainerSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ContainerSecurity</span></a> ☁️🛡️</p>
Bytes Europe<p>Tenable co-CEO on Australia, AI and growth <a href="https://www.byteseu.com/1392321/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">byteseu.com/1392321/</span><span class="invisible"></span></a> <a href="https://pubeurope.com/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Australia</span></a> <a href="https://pubeurope.com/tags/BreachPrevention" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BreachPrevention</span></a> <a href="https://pubeurope.com/tags/BusinessContinuity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BusinessContinuity</span></a> <a href="https://pubeurope.com/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSecurity</span></a> <a href="https://pubeurope.com/tags/CustomerExperience" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CustomerExperience</span></a>(CX) <a href="https://pubeurope.com/tags/CustomerFeedback" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CustomerFeedback</span></a> <a href="https://pubeurope.com/tags/CustomerRetention" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CustomerRetention</span></a> <a href="https://pubeurope.com/tags/CyberResilience" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberResilience</span></a> <a href="https://pubeurope.com/tags/CyberRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberRisk</span></a> <a href="https://pubeurope.com/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://pubeurope.com/tags/CybersecurityStrategy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CybersecurityStrategy</span></a> <a href="https://pubeurope.com/tags/DataIntegration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataIntegration</span></a> <a href="https://pubeurope.com/tags/EnterpriseSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EnterpriseSecurity</span></a> <a href="https://pubeurope.com/tags/MarketingTechnologies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MarketingTechnologies</span></a>(MarTech) <a href="https://pubeurope.com/tags/SoftwareDevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SoftwareDevelopment</span></a> <a href="https://pubeurope.com/tags/Tenable" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tenable</span></a></p>
Netzpalaver<p>Check Point gibt Integration von Cloudguard-Network-Security in Nutanix-AOS 7.3 bekannt</p><p><a href="https://social.tchncs.de/tags/Firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firewall</span></a> @CheckPointSW <a href="https://social.tchncs.de/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSecurity</span></a> <a href="https://social.tchncs.de/tags/Cloudguard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cloudguard</span></a> <a href="https://social.tchncs.de/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.tchncs.de/tags/Cybersicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersicherheit</span></a> <a href="https://social.tchncs.de/tags/FlowNetworkSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FlowNetworkSecurity</span></a> @Nutanix <a href="https://social.tchncs.de/tags/ZeroTrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroTrust</span></a></p><p><a href="https://netzpalaver.de/2025/09/18/check-point-gibt-integration-von-cloudguard-network-security-in-nutanix-aos-7-3-bekannt/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">netzpalaver.de/2025/09/18/chec</span><span class="invisible">k-point-gibt-integration-von-cloudguard-network-security-in-nutanix-aos-7-3-bekannt/</span></a></p>
Bytes Europe<p>Tenable Report Highlights Cloud Security Risks in Hybrid Environments, AI Workloads <a href="https://www.byteseu.com/1371520/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">byteseu.com/1371520/</span><span class="invisible"></span></a> <a href="https://pubeurope.com/tags/AIWorkloads" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIWorkloads</span></a> <a href="https://pubeurope.com/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSecurity</span></a> <a href="https://pubeurope.com/tags/environment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>environment</span></a></p>
Netzpalaver<p>KI in der Cloud-Security - Was es jetzt braucht, sind Tempo, Kontext und Verantwortung</p><p><a href="https://social.tchncs.de/tags/Cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cloud</span></a> <a href="https://social.tchncs.de/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSecurity</span></a> <a href="https://social.tchncs.de/tags/CloudSicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSicherheit</span></a> <a href="https://social.tchncs.de/tags/CybersecurityCybersicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CybersecurityCybersicherheit</span></a> <a href="https://social.tchncs.de/tags/Cybersicherheitslage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersicherheitslage</span></a> <a href="https://social.tchncs.de/tags/Echtzeiterkennung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Echtzeiterkennung</span></a> <a href="https://social.tchncs.de/tags/KIAgent" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KIAgent</span></a> <a href="https://social.tchncs.de/tags/k%C3%BCnstlicheIntelligenz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>künstlicheIntelligenz</span></a> @Sysdig</p><p><a href="https://netzpalaver.de/2025/09/10/ki-in-der-cloud-security-was-es-jetzt-braucht-sind-tempo-kontext-und-verantwortung/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">netzpalaver.de/2025/09/10/ki-i</span><span class="invisible">n-der-cloud-security-was-es-jetzt-braucht-sind-tempo-kontext-und-verantwortung/</span></a></p>
InfoQ<p><a href="https://techhub.social/tags/CertificateTransparency" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CertificateTransparency</span></a> (CT) creates public, append-only logs of every TLS certificate issued, helping detect rogue or mistaken certificates.</p><p>Learn how CT has 𝐭𝐫𝐚𝐧𝐬𝐟𝐨𝐫𝐦𝐞𝐝 𝐢𝐧𝐭𝐞𝐫𝐧𝐞𝐭 𝐏𝐊𝐈: <a href="https://bit.ly/4gkK72Y" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bit.ly/4gkK72Y</span><span class="invisible"></span></a> </p><p>📰 Read now!</p><p><a href="https://techhub.social/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevOps</span></a> <a href="https://techhub.social/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSecurity</span></a> <a href="https://techhub.social/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Encryption</span></a> <a href="https://techhub.social/tags/Cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cryptography</span></a> <a href="https://techhub.social/tags/InfoQ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoQ</span></a></p>
D_70WN 🌈 🏳️⚧️<p>Privilege Escalation in GraphQL/REST APIs (CVE-2025-55739 & CVE-2025-55210): Hardcoded OAuth keys and improper JWT jti validation let low-privileged users forge tokens with admin-level scopes.</p><p>The two privilege escalation issues can be chained together to move from a standard account to full administrator, posing significant risk for FreePBX deployments.</p><p>Big thanks to the FreePBX and Sangoma team for confirming and patching these issues. <a href="https://chaos.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://chaos.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://chaos.social/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloudsecurity</span></a> <a href="https://chaos.social/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a> <a href="https://chaos.social/tags/freepbx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freepbx</span></a></p>
D_70WN 🌈 🏳️⚧️<p>New Vulnerabilities Discovered in FreePBX, from low privilege to full admin: three new CVEs impacting FreePBX and cloud deployments</p><p>I recently identified and reported multiple critical vulnerabilities in the FreePBX (<a href="https://www.freepbx.org" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">freepbx.org</span><span class="invisible"></span></a>), resulting in three CVEs:</p><p>Stored Cross-Site Scripting (CVE-2025-55209): Allows a low-privileged user to steal an admin session token.</p><p><a href="https://chaos.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://chaos.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://chaos.social/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloudsecurity</span></a> <a href="https://chaos.social/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a> <a href="https://chaos.social/tags/freepbx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freepbx</span></a></p>
ml4den<p>AI tools are being weaponized by threat actors in unprecedented ways. From zero-day exploits to record-breaking DDoS attacks, the cybersecurity landscape continues to evolve at an alarming pace.</p><p><a href="https://social.vivaldi.net/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.vivaldi.net/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://social.vivaldi.net/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloudsecurity</span></a> <a href="https://social.vivaldi.net/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a> <a href="https://social.vivaldi.net/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a></p><p><a href="https://cybernewsweekly.substack.com/p/cybersecurity-news-review-week-36-6c4" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cybernewsweekly.substack.com/p</span><span class="invisible">/cybersecurity-news-review-week-36-6c4</span></a></p>
Intellitron Genesis<p>The data you protect today could be exposed tomorrow.<br>Quantum computing will break RSA & ECC—only Post-Quantum Cryptography (PQC) can secure the future.</p><p>Read: <a href="https://intellitrongenesis.com/2025/08/31/post-quantum-cryptography-securing-tomorrows-data-today/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">intellitrongenesis.com/2025/08</span><span class="invisible">/31/post-quantum-cryptography-securing-tomorrows-data-today/</span></a></p><p><a href="https://mastodon.social/tags/Quantum" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Quantum</span></a> <a href="https://mastodon.social/tags/computing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>computing</span></a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.social/tags/DataProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataProtection</span></a> <a href="https://mastodon.social/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSecurity</span></a> <a href="https://mastodon.social/tags/Fintech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fintech</span></a> <a href="https://mastodon.social/tags/artificialintelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>artificialintelligence</span></a> <a href="https://mastodon.social/tags/BigData" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigData</span></a> <a href="https://mastodon.social/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tech</span></a> <a href="https://mastodon.social/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a> <a href="https://mastodon.social/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>technology</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/business" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>business</span></a> <a href="https://mastodon.social/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>google</span></a> <a href="https://mastodon.social/tags/microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>microsoft</span></a> <a href="https://mastodon.social/tags/future" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>future</span></a> <a href="https://mastodon.social/tags/gaming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gaming</span></a></p>
InfoQ<p>⚠️ As <a href="https://techhub.social/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> attacks grow in frequency, scale, and sophistication, endpoint security & reactive backups are no longer enough.</p><p>🔐 Defense has moved beyond traditional antivirus - the new focus is the storage layer:<br>✅ Immutable backups<br>✅ AI-powered detection<br>✅ Isolated vaults</p><p>📰 Read the <a href="https://techhub.social/tags/InfoQ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoQ</span></a> article by Arjun Mullick (Engineering Manager, Meta): <a href="https://bit.ly/4623E3x" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bit.ly/4623E3x</span><span class="invisible"></span></a></p><p><a href="https://techhub.social/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSecurity</span></a> <a href="https://techhub.social/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://techhub.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://techhub.social/tags/SecurityVulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityVulnerabilities</span></a></p>
InfoQ<p>Meet Veles - a new <a href="https://techhub.social/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> secret scanner as part of the OSV-SCALIBR (Software Composition Analysis LIBRary) ecosystem.</p><p>Veles integrates seamlessly with other OSV-SCALIBR tools, powers secret scanning in Google Cloud, and is also available as a standalone module.</p><p>👉 Read more here: <a href="https://bit.ly/45UM5SZ" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bit.ly/45UM5SZ</span><span class="invisible"></span></a></p><p><a href="https://techhub.social/tags/InfoQ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoQ</span></a> <a href="https://techhub.social/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Google</span></a> <a href="https://techhub.social/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSecurity</span></a></p>
DomainTools<p>For cybersecurity practitioners looking to stay ahead of the curve, this week's reading list is for you collated by <span class="h-card" translate="no"><a href="https://masto.deoan.org/@neurovagrant" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>neurovagrant</span></a></span>. Dive into new research from Black Hat and DEF CON to explore detailed investigations into cybercriminal groups like VexTrio (💡<span class="h-card" translate="no"><a href="https://infosec.exchange/@InfobloxThreatIntel" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>InfobloxThreatIntel</span></a></span>) and learn from the experiences of a Kaseya hacker (🔦Analyst1). Finally, get grounded perspectives on AI's role for both defenders and attackers.</p><p>The list also highlights important findings on attacker behavior (⚠️ <span class="h-card" translate="no"><a href="https://infosec.exchange/@greynoise" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>greynoise</span></a></span>), cloud threat hunting (👀Recorded Future), and vulnerabilities in AI agents. Whether you're in the trenches or looking for your next role, these resources offer valuable insights to help you navigate a challenging landscape.</p><p>Learn More: <a href="https://dti.domaintools.com/cybersecurity-reading-list-week-of-2025-08-25/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dti.domaintools.com/cybersecur</span><span class="invisible">ity-reading-list-week-of-2025-08-25/</span></a></p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/blackhat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blackhat</span></a> <a href="https://infosec.exchange/tags/defcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>defcon</span></a> <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloudsecurity</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/threatanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatanalysis</span></a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybercrime</span></a></p>
ET<p>Building a community of 50,000 security professionals wasn't easy. <span class="h-card" translate="no"><a href="https://infosec.exchange/@jerry" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jerry</span></a></span> the man behind InfosecExchange reveals how he managed the technical scaling challenges and why "moderating a community that large" proved even harder. </p><p>In the latest episode of the Security Chipmunks podcast, we learn about his journey, running a Mastodon server, and how he started his journey working in a factory, to becoming an IBM Cloud security leader, as well as how running one of the largest cybersecurity podcast, Defensive Security Podcast, helped him in his career. </p><p>Check out the latest episode of the Security Chipmunks podcast. Available on all of your favorite podcast platforms and YouTube.</p><p><a href="https://youtu.be/LTFYJNEcjh8" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/LTFYJNEcjh8</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/Mastodon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mastodon</span></a> <a href="https://infosec.exchange/tags/CyberCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberCommunity</span></a> <a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSecurity</span></a></p>
Lenin alevski 🕵️💻<p>New Open-Source Tool Spotlight 🚨🚨🚨</p><p>TerraSchema converts Terraform `.tf` files into JSON Schema (Draft-07) for variable validation. It handles types, defaults, and validation rules directly, making `.tfvars.json` file generation seamless. Install via `go` or binaries. <a href="https://infosec.exchange/tags/Terraform" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Terraform</span></a> <a href="https://infosec.exchange/tags/JSONSchema" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JSONSchema</span></a></p><p>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> 👉 <a href="https://github.com/HewlettPackard/terraschema" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/HewlettPackard/terr</span><span class="invisible">aschema</span></a></p><p><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Software</span></a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Technology</span></a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>News</span></a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CTF</span></a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecuritycareer</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>purpleteam</span></a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tips</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloudsecurity</span></a></p><p>— ✨<br>🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴☠️</p>
OWASP Foundation<p>We’re thrilled to welcome two visionary leaders in security as our keynote speakers for OWASP Global AppSec USA 2025!:</p><p>📍 Daniel Miessler</p><p>📍 Adam Shostack</p><p>Join us in Washington, D.C., November 6-7, for insights, strategies, and inspiration from two of the brightest minds in AppSec.</p><p>Register today: <a href="https://owasp.glueup.com/event/131624/register/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">owasp.glueup.com/event/131624/</span><span class="invisible">register/</span></a></p><p><a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AISecurity</span></a> <a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSecurity</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://infosec.exchange/tags/GlobalAppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GlobalAppSec</span></a> <a href="https://infosec.exchange/tags/WashingtonDC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WashingtonDC</span></a></p>
Tarnkappe.info<p>📬 Datenpanne bei Google: ShinyHunters hat zugeschlagen<br><a href="https://social.tchncs.de/tags/Datenschutz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Datenschutz</span></a> <a href="https://social.tchncs.de/tags/ITSicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITSicherheit</span></a> <a href="https://social.tchncs.de/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSecurity</span></a> <a href="https://social.tchncs.de/tags/Datenpanne2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Datenpanne2025</span></a> <a href="https://social.tchncs.de/tags/GoogleDatenleck" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleDatenleck</span></a> <a href="https://social.tchncs.de/tags/SalesforceHack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SalesforceHack</span></a> <a href="https://social.tchncs.de/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ShinyHunters</span></a> <a href="https://social.tchncs.de/tags/socialengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>socialengineering</span></a> <a href="https://sc.tarnkappe.info/bc03d4" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">sc.tarnkappe.info/bc03d4</span><span class="invisible"></span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload