#devSec
Posts tagged #devSec on Bluesky

AI can be much more than slop. Blackhats and ATP *will* be using it even when OpenAI is dead and buried #interesting #DevSec #DevSecOps


NEW on the DevSwarm blog: Why DevSwarm runs locally (and why that matters for security).

Read it here: devswarm.ai/blog/why-devswarm-runs-l...

#DevSwarm #HiVECoding #DevSec #LocalFirst

Lazarus Group Embed New BeaverTail Variant in Developer Tools Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

NEW: Developers, crypto users, and job seekers beware - North Korea’s Lazarus Group is deploying a new #BeaverTail variant to steal credentials and crypto via fake job offers, dev tools and smart contracts.

Read: hackread.com/lazarus-embe...

#CyberSecurity #Lazarus #NorthKorea #DevSec #InfoStealer

Safe navigation through upgrades in npm package minefield Learn essential security practices to protect your projects from npm supply chain attacks. Discover how to safely manage dependencies, prevent malicious code execution, and strengthen your development...

🔐 npm supply chain attacks hit 180+ packages this year. Here's what works to protect your projects:

Quick wins:
✓ Disable postinstall scripts
✓ Use cooldown period
✓ Immutable lockfiles
✓ 2FA on npm

Full security guide with code examples 👇
literat.dev/blog/2025-12...

#DevSec #JavaScript #npm


A critical security practice for developers is sandboxing unknown code. Always use VMs or containers for external executables or interview-related coding tasks to isolate potential threats from your main system. #DevSec 4/6


Question for any security devs out there: what is the better option?

1. A JWT with a 5-minute timeout, and returning a new JWT on each request

2. A 1-minute JWT with a 5-minute refreshToken that can be used to get a new JWT in a separate request

#cybersecurity #devs #devsec

CrowdStrike rewrites security architecture with AI agents that code, hunt, and respond autonomously. # CrowdStrike's Agentic Security Platform: What Developers and Security Teams Need to Know *CrowdStrike rewrites security architecture with AI agents that code, hunt, and respond autonomously.* CrowdS...

coderlegion.com/5434/crowdst... #CyberSecurity #AI #AgenticSecurity #DevSec #CrowdStrike #SecurityAutomation #ThreatHunting #CISO

The Hidden Cost of Outdated API Security: Why CIOs Need to Act Now Security tools that were effective two years ago are now creating business risks. Here's what changed. Your API security strategy is probably costing you more than you realize. Not just in licensing fe...

www.insightsfromanalytics.com/post/the-hid... #fastly #APISecurity #DevSec #CyberSecurity #AppSec #EdgeSecurity

API attacks that took 15 hours now happen in 15 minutes. Most security teams aren't keeping up. # API Attacks Are Getting Faster. Your Security Stack Isn't Ready. The security landscape has fundamentally changed. What used to take attackers 15 hours to accomplish now happens in 15 minutes. And i...

coderlegion.com/5087/api-att... #fastly #APISecurity #DevSec #CyberSecurity #AppSec #EdgeSecurity

Your best developer could be a security risk, and AI is making threats harder to detect. # The Hidden Threat in Your Development Team: How AI is Changing Insider Risk Forever At Black Hat 2025, I sat down with Lynsey Wolf, a human behavioral scientist at DTEX Systems, to discuss...

coderlegion.com/4831/your-be... #DTEXSystems #InsiderThreat #CyberSecurity #AI #DevSec #BlackHat2025 #DataProtection #RemoteWork

Snyk just made security invisible to developers—AI writes secure code without them thinking about it # The End of Security as a Developer Concern: Snyk's 'Secure at Inception' Revolution *How Model Context Protocol integration promises to make security completely invisible to developers writing AI-ge...

coderlegion.com/4563/snyk-ju... #BlackHat #SecureAtInception #MCP #AICoding #VibeCoding #DevSec #Snyk #AI #Security #Cursor

The Hidden Threat: How AI is Making Insider Risk Everyone's Problem Nation-state actors are getting IT jobs at your company. Here's what developers and security teams need to know. While cybersecurity teams obsess over external threats—building bigger firewalls, deploy...

www.insightsfromanalytics.com/post/the-hid... #DtexSystems #InsiderThreat #CyberSecurity #AI #BlackHat2025 #DevSec #NationState #InfoSec #TechSecurity

Automate security reviews with Claude Code Anthropic is an AI safety and research company that's working to build reliable, interpretable, and steerable AI systems.

🔒 Claude Code now has automated security reviews!

Type `/security-review` → finds vulnerabilities before production
GitHub Action auto-reviews PRs
Already caught real bugs in Anthropic's code

Available now for all users.

www.anthropic.com/news/automat...

#ClaudeCode #DevSec #AI

99% of Fortune 5000 companies disabled security controls to connect AI to enterprise data. # The API Security Crisis: How AI Broke Every Rule We Knew *99% of Fortune 5000 companies disabled security controls to connect AI to enterprise data.* The cybersecurity world spent decades building s...

coderlegion.com/4427/99-of-f... #Wallarm #d0znpp #AI #CyberSecurity #BlackHat2025 #DevSec #APIAttacks #ThreatIntelligence #InfoSec


#NPM compromised again. Change all ya passwords & tokens. The package was ‘is’.

It’s a widely used low level utility.

#javascript #react #devSec


People talk about public keys and private keys, but you're not sure how it works? 🗝️

Asymmetric encryption is a bit like invisible ink pens...

#dev #programmation #chiffrement #devsec


🚨 Mark your calendars! 🚨

Join us for the OWASP Global AppSec US Conference in Washington, D.C., November 3–7, 2025 at the Marriott Marquis!

Register now! owasp.glueup.com/eve...

#OWASP #AppSec #Cybersecurity #ThreatModeling #GlobalAppSecUS #SecureCoding #DevSecOps #DevSec #WashingtonDC #Hacking


Join Liran Tal at OWASP Global AppSec EU 2025 in Barcelona for an eye-opening session on the real security implications of TypeScript!

With live demos and actionable insights, this talk is a must for anyone building with TypeScript.

#OWASP #AppSecEU2025 #DevSecOps #AppSec #DevSec #Barcelona


Join Dag Flachet at OWASP Global AppSec EU 2025 in Barcelona for a powerful session on building better AppSec programs—one small step at a time.

owasp.glueup.com/eve...

#OWASP #AppSecEU2025 #DevSec #AppSec #SecureDevelopment #Barcelona

Novel Universal Bypass for All Major LLMs HiddenLayer’s latest research uncovers a universal prompt injection bypass impacting GPT-4, Claude, Gemini, and more, exposing major LLM security gaps.

Security folks found a flaw in all major LLMs. This one is big - all AI safety measures can fail.

#AI #Security #DevSec hiddenlayer.com/innovation-hub/novel-uni...

DevSec Relationship Status: It’s Complicated (But Fixable) Remember that plastic Fisher-Price Shape Sorter from when you were a kid, where you had to fit different-shaped colorful blocks into their matching slots? And that oddly satisfying moment when the green triangle block slid out of your fingers and landed perfectly into place? That tiny ASMR-inducing thrill of making all the parts of a […]
Why Has DevSecOps Failed? - DevOps.com DevSecOps is failing because we underestimated the complexity of cultural transformation and the importance of human-centered tools.

Why Has DevSecOps Failed?

devops.com/why-has-devs...

#devops #devsec #DevSecOps #SoftwareEngineering #engineering #SoftwareDevelopment #security #infosecurity #technology

Devsec Links #01 Interesting links on the topic of secure development.

Last year I did a cool piece of work to raise security awareness among the devs at my company using an internal newsletter, so I'm opening it up to everyone now, a bit late, but it should be useful to someone: guisso.dev/posts/devsec...

#appsec #infosec #devsec

LLMs May Enhance Vulnerability Detection Methods Recent research highlights the potential of large language models to enhance vulnerability detection in software development by improving accuracy and integrating with DevSecOps pipelines.

Recent research shows that large language models (LLMs) can significantly boost vulnerability detection in software development, enhancing accuracy and integration within DevSecOps pipelines. This advancement could transform how we approach #cybersecurity. Stay informed on emerging #threats! #DevSec


#cybersec professionals, register now for OWASP Global AppSec EU Conference & Training in #Barcelona

Keynote speaker, Sarah-Jane Madden, will share her wealth of experience gained over 25 years in the technology industry.

owasp.glueup.com/eve...

#OWASPGlobalAppSecEU2025 #AppSec #Infosec #DevSec
