#opensourcesecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #opensourcesecurity, aggregated by home.social.
-
We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=N-6Sc5CQwI0
-
https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised
#CyberSecurity #InfoSec #SupplyChainSecurity #SoftwareSupplyChain #NPM #OpenSourceSecurity #AppSec #DevSecOps #ThreatIntel #Malware #JavaScript #NodeJS #CICD #GitHubActions #CloudSecurity #TypeScript #ReactJS #WebDev #OpenSource #DevTools #SoftwareEngineering #DeveloperSecurity #SecureCoding #GitHub #SupplyChainAttack #Programming #TechNews #DevOps #ApplicationSecurity #ThreatResearch #SecurityEngineering #CyberAttack #Hackers #MalwareAlert #SecurityResearch #DevCommunity
-
🧑💻 Built your own MFA system yet?
We just dropped a full walkthrough on how to integrate Google Authenticator into RELIANOID’s MFA portal — with secrets stored in AD or LDAP.
🔐 Based on TOTP
🛡️ Validates tokens post-login
📱 Generates QR codes for new users
It’s secure, scalable, and open-source-friendly.
📖 Dive in:
#MFA #GoogleAuthenticator #TOTP #SysAdminLife #LDAP #OpenSourceSecurity #LinuxAdmin #TechStack #RELIANOID
-
Little Snitch comes to Linux to expose what your software is really doing
https://fed.brid.gy/r/https://nerds.xyz/2026/04/little-snitch-linux/
-
Supply chain security meets reproducible builds.
ExpressVPN is sponsoring PlanetNix 2026, highlighting the intersection of privacy, open-source infrastructure, and build reproducibility.
Event focus areas:
• Deterministic builds
• Secure deployment pipelines
• DevSecOps integration
• Team-level onboarding models
• Production-grade Nix environments
Reproducibility is increasingly tied to:
– Software supply chain integrity
– Auditability
– Compliance frameworks
– Infrastructure security baselines
As build determinism becomes more relevant to threat modeling, open-source tooling like Nix may play a critical role.
Source: https://planetnix.com/
Are reproducible systems now essential for modern security architecture?
Engage in the comments.
Follow TechNadu for high-signal infosec reporting.
Repost to amplify open-source security discussions.
#Infosec #DevSecOps #SupplyChainSecurity #ReproducibleBuilds #NixOS #OpenSourceSecurity #ExpressVPN #CloudSecurity #InfrastructureSecurity #ThreatModeling
-
📝 New article by a CrowdSec Ambassador, Killian Prin-Abeil! 🎉
In this deep dive, Killian breaks down React2Shell (CVE-2025-55182), from how the RCE works in React Server Components to why Next.js apps are vulnerable by default.
He also explores how the community reacted in hours, with CrowdSec shipping a virtual patch and threat intel to reduce exposure immediately.
👉Read it here: https://crowdsec.net/blog/react2shell-overly-spicy-side-of-react-19
#react #NextJS #AppSec #opensourcesecurity #react2shell #CVE
-
This week on #OpenSourceSecurity I chat with @djc and @ctz about #Rustls. A lot has happened with Rustls in the last few years (and there's a lot more to come). Writing a TLS implementation is incredibly complicated, even when you don't have to worry about memory safety
https://opensourcesecurity.io/2025/2025-12-rustls-dirkjan-joe/
-
🚀 NEW on We ❤️ Open Source 🚀
SBOMs are the foundation of a more secure open source ecosystem. Alan Pope shows how Syft & Grype help you inventory & scan your software for vulnerabilities—fast, locally, and openly.
https://allthingsopen.org/articles/sbom-open-source-security-syft-grype
#WeLoveOpenSource #SBOM #OpenSourceSecurity #Syft #Grype #FOSS #DevSecOps #SecureByDesign
-
🕯️ Behind the Code: Why Open Source Matters for Small Business Survival #OpenSource #Cybersecurity #SmallBusinessSecurity #DigitalFreedom #TransparentTech #PrivacyMatters #SecureByDesign #FOSS #InfoSec #SecurityAwareness #DataProtection #ZeroTrust #AuditTheCode #OpenSourceSecurity #TrustButVerify #TechTransparency #MatrixProtocol #Passbolt #Bitwarden #Nextcloud #OpenSourceTools #SecurityFirst #DigitalSovereignty #TechEthics #SecurityForAll
-
Inside the Silence: The Daemon Watches You #Cybersecurity #HackerMindset #ThreatIntelligence #DigitalSurveillance #PersistentThreats #CyberAwareness #SmallBusinessSecurity #Infosec #CyberThreats #SecurityTips #OPSEC #CyberDefense #AttackSurface #DigitalPrivacy #OpenSourceSecurity #ThreatModeling #CyberProtection #SecurityStrategy #AdversaryEmulation #SecurityAwareness
http://tomsitcafe.com/2025/04/09/%f0%9f%95%b6%ef%b8%8f-inside-the-silence-the-daemon-watches-you/
-
Microsoft AI Security Copilot Finds Hidden Flaws in GRUB2 and Other Bootloaders
#Cybersecurity #Microsoft #SecurityCopilot #GRUB2 #Uboot #Barebox #AI #OpenSourceSecurity #UEFI #Linux #VulnerabilityResearch
-
TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs https://gbhackers.com/tag-100-open-source-cyber-attacks/ #VulnerabilityAnalysis #GlobalCyberThreats #OpenSourceSecurity #CyberSecurityNews #ExploitationTools #CyberEspionage #CyberAttack
-
Read about our #opensource work implementing the Network Time Protocol in #rustlang!
https://tweedegolf.nl/nl/blog/75/implementing-the-network-time-protocol-ntp-in-rust
Folkert walks you through the whys and hows of this security-motivated implementation.
#ntp #networktimeprotocol #networktiming #opensourcesecurity #softwaresecurity