Intro Hey everyone! This year, I’ve shared 22 newsletter editions with you, and I hope you found valuable articles and materials in them. As this is the last edition of the year, I want to wish you a happy and calm Christmas, spent doing your favorite activities. Relax, load your…
Intro Hi everyone! I hope you’re doing great. Recently, we observed a number of high-severity vulnerabilities affecting various popular products.In this newsletter edition, you will find a couple of great technical vulnerability writeups presenting identified security issues with code examples. For anyone interested, I recommend an article about an authentication…
Intro Hey everyone! In this edition, I highly recommend taking a look at the 2023 Top Routinely Exploited Vulnerabilities report from CISA, which highlights the most commonly exploited vulnerabilities over the past year. You’ll also find some fascinating researches, essential one-liner commands for bug bounty hunters, and some interesting open-source…
Intro Hey everyone! I’m excited to bring you this edition packed with insightful cybersecurity materials. From powerful DevSecOps tools to thought-provoking industry discussions, there’s something for everyone this week. First up, let’s take a look at interesting Mixeway Flow, an open-source tool designed to be the Swiss army knife for…
Intro Hey everyone! I hope you’re all doing well. This week, we’re diving into a variety of offensive application security topics, from bug bounty hunting, vulnerability exploitation techniques to AI prompt injection materials. We start with a great resource for beginners interested in bug bounty hunting — a search engine…
Intro Hey everyone, this edition of DevSec Selection contains interesting application security topics for various experts, from web, mobile to DevSecOps. We start with a research presenting how quickly publicly disclosed secrets can be accessed by potential attackers. There is also an intriguing story about security flaws in Kia service…
Intro Hey everyone! Hope you’re doing great! This week’s edition is packed with a mix of interesting vulnerabilities, cutting-edge security research, and key industry updates that you won’t want to miss. We kick things off with an in-depth look at a PyPI supply chain attack that put 22,000 packages at…
Intro Hey everyone! My son was born this weekend, and I’m incredibly proud! I spent a few days in the hospital taking care of my wife and our little one. I’m proud of both of them — the birth went smoothly, and they both did an amazing job. That’s why…
Intro Hi everyone! In this edition, I highly recommend an article about Cross-Origin Resource Sharing (CORS). It’s an excellent resource for web application developers and web security enthusiasts, as it covers the fundamental aspects of CORS in detail. If you’re interested in CI/CD security or use GitHub services, I suggest…
Intro Hi everyone! This edition covers some crucial cybersecurity topics. Check Point Research has revealed a sophisticated malware distribution network, Stargazers Ghost Network, using GitHub for phishing repositories. Additionally, a malicious Python package targeting macOS developers to steal Google Cloud Platform credentials was uncovered, emphasizing the need for vigilance in…
Software Engineer and Security Researcher, writing about application security in SDLC and DevSecOps 🔐
