#software-security — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #software-security, aggregated by home.social.
-
🚨BREAKING NEWS🚨: Six "new" #CVEs in #curl, including one that's the digital equivalent of a fossil! 🦖 Congrats to #AISLE for discovering what we've all known since the dawn of time: software is never perfect. 😏 But hey, at least your toaster and Mars rover can now sleep soundly knowing curl is secure. 🌌🔧
https://aisle.com/blog/aisle-discovers-6-new-cves-in-curl-including-the-oldest-issue-ever-reported #BREAKINGNEWS #softwaresecurity #cybersecurity #HackerNews #ngated -
RT @OpenAI: We are expanding OpenAI Daybreak to democratize the patching of software with security vulnerabilities and to make it possible at machine speed:
more at Arint.info
#AIPatching #Cybersecurity #Daybreak #InfoSec #OpenAI #SoftwareSecurity #arint_info
-
RT @OpenAI: We are expanding OpenAI Daybreak to democratize the patching of software with security vulnerabilities and to make it possible at machine speed:
more at Arint.info
#Cybersecurity #GPT #Infosec #OpenAI #PatchManagement #SoftwareSecurity #arint_info
-
The Website App Edition has also been joined by a deck to assist with threat modelling mobile app software, and the new Companion Edition. The Companion Edition adds suits with attacks related to Agentic AI, Cloud, Frontend, Large Language Models, DevOps and Automated Threats.
OWASP Cornucopia is open source, free to download/use.
2/2
#threatmodelling #threatmodeling #appsec #devops #softwaresecurity #owasp #owasp25thanniversary #cornucopia
-
Security Tip: Lock down your software builds by pinning dependencies. 🛡️ Relying on "latest" or loose version ranges is a security risk. Use lockfiles with cryptographic checksums to ensure that the code you tested is exactly what goes into production. This simple step helps prevent dependency confusion and malicious injections. Stay ahead of emerging threats and track vulnerabilities at https://cvedatabase.com #CyberSecurity #InfoSec #DevSecOps #CVE #SoftwareSecurity
-
Breaking news! 🚨 #Notepad++ is apparently the Kryptonite of software, now with a zero-click #attack so sneaky, it’s like a ninja in a text editor. 🥷 Meanwhile, GitHub’s #AI #Copilot is standing by, ready to save us from the horrors of traversed paths, because clearly, humans can’t be trusted to code without breaking the universe. 🌌
https://github.com/notepad-plus-plus/notepad-plus-plus/security/advisories/GHSA-p58x-r3c9-x9p6 #ZeroClick #Cybersecurity #SoftwareSecurity #HackerNews #ngated -
Free software is never free. It just charges later. https://zurl.co/izoiP #SoftwareSecurity #RiskManagement
-
Microsoft Unveils AI-Powered Red Teaming Tools to Bolster Software Security
Microsoft is shifting the conversation around AI safety from philosophical debates to hands-on action, empowering developers to build more secure software with innovative tools. With the launch of Rampart, a cutting-edge red-teaming tool, the company is putting AI-powered security into practice, helping developers…
#AipoweredSecurity #RedTeaming #SoftwareSecurity #Microsoft #GenerativeAi
-
Measuring AI Security Effectiveness Proves Elusive
Measuring AI security effectiveness is a complex challenge that can't be reduced to a single score or benchmark. Relying on benchmarks alone simply doesn't work when it comes to safeguarding AI systems.
#AiSecurity #ArtificialIntelligence #Benchmarking #SecurityEffectiveness #SoftwareSecurity
-
AI-assisted code does not move the outage, the audit, or the liability to the model vendor. It moves authorship faster than it moves responsibility.
I wrote about the verification gap, provenance, EU liability pressure, and why enterprise Java teams sit in an awkward middle. https://www.the-main-thread.com/p/ai-code-liability #AIAssistedDevelopment #SoftwareSecurity #Java
-
🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!
⚠️ Update NOW or disable GitHub Actions immediately!
#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate
-
Pi's control layer is now the question. A May 9 research packet documents 2,369 catalog entries, provider routing, and package-trust issues that matter beyond personal use. Who owns the harness? What can change the agent? Teams considering deployment need answers before they trust it.
#AIagents #softwaresecurity #opendev
https://www.implicator.ai/pi-the-coding-agent-behind-the-harness-engineering-hype-explained/
-
The Cyberagentur has published the call for tenders for 3S. It is seeking approaches that make software security traceable, measurable and comparable. Instead of mere seals, what is needed are reliable assessments for everyday digital life.
Applications by 15.06.2026. https://t1p.de/5q5gg
#Cyberagentur #Cybersicherheit #SoftwareSecurity #3S #Ausschreibung -
3S has launched: The Cyberagentur is seeking approaches that make software security measurable and comparable. Applications due by June 11, 2026. [Link to e-procurement]
https://t1p.de/m85ce
#3S #Cybersecurity #SoftwareSecurity
https://nachrichten.idw-online.de/2026/05/04/no-more-blind-trust-in-software -
3S has launched: The Cyberagentur is seeking approaches that make software security measurable and comparable. Applications due by June 11, 2026. [Link to e-procurement]
https://t1p.de/m85ce
#3S #Cybersecurity #SoftwareSecurity
https://nachrichten.idw-online.de/2026/05/04/schluss-mit-blindem-softwarevertrauen -
Security Tip: Your security is only as strong as your deepest dependency. 🛡️
While auditing direct libraries is standard, transitive dependencies (libraries your dependencies rely on) are often overlooked. Regularly generate dependency trees to visualize these hidden layers and identify vulnerable sub-components.
Stay ahead of emerging threats at https://cvedatabase.com
-
SAP under fire: supply-chain attack on npm packages! Yesterday, on 29 April 2026, a targeted supply-chain attack, internally called "Mini Shai-Hulud", hit the SAP development landscape. Attackers smuggled in malicious versions of these packages, presumably via a compromised developer account. This incident shows once again: software supply chains are critical attack surfaces. #Cybersecurity #SupplyChain #SAP #npm #SoftwareSecurity #Cybercrime
-
Warning: CVE-2025-40739 (CWEs: ['CWE-125']) found no CAPEC relationships.
Warning: CVE-2025-40741 (CWEs: ['CWE-121']) found no CAPEC relationships.