#opensourcesecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #opensourcesecurity, aggregated by home.social.
-
We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=UGUnqfA0VuA
-
🚨 New attack on the NPM ecosystem!
On Jan. 23, 2024, critical JavaScript packages were compromised with the malware **“Shuffled NPM”**.
**Important:**
- Check your dependencies ▶ Use hash checks & automated scans.
- Follow the security advisories from npm‑security.
- Use lock files & monorepos to prevent unwanted updates.
-
I had a chat with @eighthave about @fdroidorg on #OpenSourceSecurity
We cover how it works, the security angles for running an app store, and talk about some of the changes that are coming for Android that will make F-Droid's job a lot harder
I learned a ton from Hans, it's a great discussion
https://opensourcesecurity.io/2026/2026-05-fdroid-hans-steiner/
-
We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=N-6Sc5CQwI0
-
https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised
#CyberSecurity #InfoSec #SupplyChainSecurity #SoftwareSupplyChain #NPM #OpenSourceSecurity #AppSec #DevSecOps #ThreatIntel #Malware #JavaScript #NodeJS #CICD #GitHubActions #CloudSecurity #TypeScript #ReactJS #WebDev #OpenSource #DevTools #SoftwareEngineering #DeveloperSecurity #SecureCoding #GitHub #SupplyChainAttack #Programming #TechNews #DevOps #ApplicationSecurity #ThreatResearch #SecurityEngineering #CyberAttack #Hackers #MalwareAlert #SecurityResearch #DevCommunity
-
Little Snitch comes to Linux to expose what your software is really doing
https://fed.brid.gy/r/https://nerds.xyz/2026/04/little-snitch-linux/
-
🧑💻 Built your own MFA system yet?
We just dropped a full walkthrough on how to integrate Google Authenticator into RELIANOID’s MFA portal — with secrets stored in AD or LDAP.
🔐 Based on TOTP
🛡️ Validates tokens post-login
📱 Generates QR codes for new users
It’s secure, scalable, and open-source-friendly.
📖 Dive in:
#MFA #GoogleAuthenticator #TOTP #SysAdminLife #LDAP #OpenSourceSecurity #LinuxAdmin #TechStack #RELIANOID
-
🕯️ Behind the Code: Why Open Source Matters for Small Business Survival #OpenSource #Cybersecurity #SmallBusinessSecurity #DigitalFreedom #TransparentTech #PrivacyMatters #SecureByDesign #FOSS #InfoSec #SecurityAwareness #DataProtection #ZeroTrust #AuditTheCode #OpenSourceSecurity #TrustButVerify #TechTransparency #MatrixProtocol #Passbolt #Bitwarden #Nextcloud #OpenSourceTools #SecurityFirst #DigitalSovereignty #TechEthics #SecurityForAll
-
🚀 NEW on We ❤️ Open Source 🚀
SBOMs are the foundation of a more secure open source ecosystem. Alan Pope shows how Syft & Grype help you inventory & scan your software for vulnerabilities—fast, locally, and openly.
https://allthingsopen.org/articles/sbom-open-source-security-syft-grype
#WeLoveOpenSource #SBOM #OpenSourceSecurity #Syft #Grype #FOSS #DevSecOps #SecureByDesign
-
This week on #OpenSourceSecurity I chat with @djc and @ctz about #Rustls. A lot has happened with Rustls in the last few years (and there's a lot more to come). Writing a TLS implementation is incredibly complicated, even when you don't have to worry about memory safety
https://opensourcesecurity.io/2025/2025-12-rustls-dirkjan-joe/
-
TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs https://gbhackers.com/tag-100-open-source-cyber-attacks/ #VulnerabilityAnalysis #GlobalCyberThreats #OpenSourceSecurity #CyberSecurityNews #ExploitationTools #CyberEspionage #CyberAttack
-
📝 New article by a CrowdSec Ambassador, Killian Prin-Abeil! 🎉
In this deep dive, Killian breaks down React2Shell (CVE-2025-55182), from how the RCE works in React Server Components to why Next.js apps are vulnerable by default.
He also explores how the community reacted in hours, with CrowdSec shipping a virtual patch and threat intel to reduce exposure immediately.
👉Read it here: https://crowdsec.net/blog/react2shell-overly-spicy-side-of-react-19
#react #NextJS #AppSec #opensourcesecurity #react2shell #CVE
-
Microsoft AI Security Copilot Finds Hidden Flaws in GRUB2 and Other Bootloaders
#Cybersecurity #Microsoft #SecurityCopilot #GRUB2 #Uboot #Barebox #AI #OpenSourceSecurity #UEFI #Linux #VulnerabilityResearch
-
Supply chain security meets reproducible builds.
ExpressVPN is sponsoring PlanetNix 2026, highlighting the intersection of privacy, open-source infrastructure, and build reproducibility.
Event focus areas:
• Deterministic builds
• Secure deployment pipelines
• DevSecOps integration
• Team-level onboarding models
• Production-grade Nix environments
Reproducibility is increasingly tied to:
– Software supply chain integrity
– Auditability
– Compliance frameworks
– Infrastructure security baselines
As build determinism becomes more relevant to threat modeling, open-source tooling like Nix may play a critical role.
Source: https://planetnix.com/
Are reproducible systems now essential for modern security architecture?
Engage in the comments.
Follow TechNadu for high-signal infosec reporting.
Repost to amplify open-source security discussions.
#Infosec #DevSecOps #SupplyChainSecurity #ReproducibleBuilds #NixOS #OpenSourceSecurity #ExpressVPN #CloudSecurity #InfrastructureSecurity #ThreatModeling
-
Read about our #opensource work implementing the Network Time Protocol in #rustlang!
https://tweedegolf.nl/nl/blog/75/implementing-the-network-time-protocol-ntp-in-rust
Folkert walks you through the whys and hows of this security-motivated implementation.
#ntp #networktimeprotocol #networktiming #opensourcesecurity #softwaresecurity
-
Inside the Silence: The Daemon Watches You #Cybersecurity #HackerMindset #ThreatIntelligence #DigitalSurveillance #PersistentThreats #CyberAwareness #SmallBusinessSecurity #Infosec #CyberThreats #SecurityTips #OPSEC #CyberDefense #AttackSurface #DigitalPrivacy #OpenSourceSecurity #ThreatModeling #CyberProtection #SecurityStrategy #AdversaryEmulation #SecurityAwareness
http://tomsitcafe.com/2025/04/09/%f0%9f%95%b6%ef%b8%8f-inside-the-silence-the-daemon-watches-you/
-
I had a chat on #OpenSourceSecurity with Kat Cosgrove about open source being critical infrastructure (neglected critical infrastructure)
Kat has a ton of experience in the world of Kubernetes and had some really interesting things to tell us about both successful projects as well as having to shut down projects that didn't get enough resources
Kat even gives me some optimism at the end, which is in rare supply lately
https://opensourcesecurity.io/2026/2026-05-open-source-infrastructure-kat/
-
We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=52p2WywWq7g
-
We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=0GtI0pEWpzI
-
We're LIVE! Join the Anchore Open Source team and our guest Michael Coté from Broadcom catching up on Bitnami Secure Images, Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=m7RfVrN1TUc
-
I had another chat with David Bernstein about creating a disaster recovery plan on #OpenSourceSecurity
With all the events unfolding almost every day lately, there's never been a better time to put a plan like this together. In a few weeks David will tell us how to test such a plan once we create it
It's a lot less complicated than it seems, I know I've made this a lot harder than it needs to be
https://opensourcesecurity.io/2026/2026-04-disaster-planning-david-bernstein/
-
We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=ZxkXfccgKvI
-
We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=204PIweyiTA
-
🐱💻 Oh, Astral's here to save us all from the horrors of open source security, one blog post at a time. Because, clearly, a company that "builds tools" for "millions" will tame the wild world of supply chain attacks with just a sprinkle of their secret sauce. 🥄✨
https://astral.sh/blog/open-source-security-at-astral #OpenSourceSecurity #AstralSupplyChain #CybersecurityBlog #SupplyChainAttacks #TechInnovation #HackerNews #ngated
-
We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=diRrt9HJRZU