Intro Hey everyone! Hope you’re doing great! This week’s edition is packed with a mix of interesting vulnerabilities, cutting-edge security research, and key industry updates that you won’t want to miss. We kick things off with an in-depth look at a PyPI supply chain attack that put 22,000 packages at…
Intro Hey everyone! My son was born this weekend, and I’m incredibly proud! I spent a few days in the hospital taking care of my wife and our little one. I’m proud of both of them — the birth went smoothly, and they both did an amazing job. That’s why…
Intro Hi everyone! In this edition, I highly recommend an article about Cross-Origin Resource Sharing (CORS). It’s an excellent resource for web application developers and web security enthusiasts, as it covers the fundamental aspects of CORS in detail. If you’re interested in CI/CD security or use GitHub services, I suggest…
Intro Hi everyone! This edition covers some crucial cybersecurity topics. Check Point Research has revealed a sophisticated malware distribution network, Stargazers Ghost Network, using GitHub for phishing repositories. Additionally, a malicious Python package targeting macOS developers to steal Google Cloud Platform credentials was uncovered, emphasizing the need for vigilance in…
Intro Hi!I hope you were not affected by the recent faulty update from CrowdStrike. If you were, I hope you were able to quickly react and restore your critical systems to an operational state. In this edition, I’ve included a few hot topics. Aside from the CrowdStrike BSOD, you will…
Explaining one of the most common web API vulnerability classes — Broken Function Level Authorization in a practical manner. Providing a case study example based on the Damn Vulnerable RESTaurant API, including methods for identifying and preventing these vulnerabilities.
Intro Hi!The last few days have been full of news and articles about the RegreSSHion vulnerability, which affects hundreds of thousands of OpenSSH services. In this newsletter, you can find an article summarizing the vulnerability along with recommended remedial actions. If you’re working in Application Security field, I recommend taking the OWASP Top 10 Quiz to…
Intro Hi!The weekend is coming and I have a couple of articles worth to read. In the articles you will find Mandiant research on recent attacks targeting Snowflake instances which is great for both technical and less technical readers, it may help you to understand recent breaches at Santander and Ticketmaster. If you’re building…
Presenting an Unrestricted Resource Consumption vulnerability class using a password reset feature as an example.
Intro Hi!In this DevSec Selection episode, you will find some recent CVE proof of concepts, affecting GitLab and PHP, a guide to a Nuclei DAST. Also, at the end I added articles about recent breaches at Santander and Hugging Face, plus an article about serious security concerns of Microsoft Recall feature released recently. Also, in…
Software Engineer and Security Researcher, writing about application security in SDLC and DevSecOps 🔐
