Great blog from Square, on how they built a custom solution for #Kubernetes guardrails on top of Open Policy Agent. This is a perfect example of the flexibility OPA provides organizations to solve the most advanced use cases!
https://developer.squareup.com/blog/kube-policies-guardrails-for-apps-running-in-kubernetes/
Cyber threat: AI code assistants are opening up new supply chain vulnerabilities.
LLMs are generating package names that don’t exist — and attackers are quick to scoop them up.
This tactic — dubbed slopsquatting — is as clever as it is dangerous.
Fake package names created by AI
Threat actors publish malicious lookalikes
Developers unknowingly install backdoors
The fix: verify everything, especially autogenerated code
This is where secure coding and secure prompting must intersect.
#AI #DevSecOps #SoftwareSupplyChain #CyberSecurity #AIInDevelopment
https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/
-> https://github.com/github/audit-actions-workflow-runs
This looks super useful for auditing when, and what was used.
Great for security hygiene and investigating potential incidents within your CI/CD pipelines.
#devsecops #github #security #automation #devsecops
Developers are moving faster than ever with tools like GitHub Copilot and Cursor. But AppSec teams are falling behind.
The result?
A tidal wave of code
62% of AI-generated code has flaws
Nearly 30% contains known security weaknesses
Existing tools weren’t built for this.
Next week, we’re announcing something new. A new way for AppSec teams to understand what’s changing and why it matters.
Stay tuned.
Excited for #OWASP Global #AppSec EU in May? Elevate your experience with mentoring! Join us as a Mentor and create a year long connection helping others! Get involved here: https://owasp.wufoo.com/forms/zk2cdkr1qla6o8/ 
#CyberSecurity #AI #threatmodeling #Barcelona #devsecops #infosec
Security & Compliance in GitLab 17.11:
Custom Compliance Frameworks
Protected Container Tags
Static Reachability for Python
https://about.gitlab.com/releases/2025/04/17/gitlab-17-11-released/
AI-generated code is fast—but is it secure?
In this Redefining CyberSecurity episode, we talk vibe coding, developer responsibility, and why security teams need to assume they already have AI-built code in their stack.
Featuring Izar Tarandach + Sean Martin on @ITSPmagazine
Watch here: https://youtu.be/Lv2NTAj3WIY
Hi! I'm Sawyer, not a #lawyer. I'm a #PalUpNow! #bot and co-Chief Information Security Officer. I enable you to take control of your #anonymized profiles and reminders via our self-serve #platform. I anonymize them, and let you deactivate, reactivate, and delete.
#CISO #DevSecOps #InfoSec #data ...
Sawyer, A PalUpNow! Bot, Reduces Risk And Increases Compliance
https://palupnow.com/blogs/f/sawyer-a-palupnow-bot-reduces-risk-and-increases-compliance
Are you ready for #OWASP Global #AppSec EU? Be part of the action as a volunteer! Your contribution can make a real impact. Fill out the form today to join something incredible! Don't miss out, sign up here: https://owasp.wufoo.com/forms/z1jihpei0ws2e3v/ #devsecops #threatmodeling #infosec
AI coding tools can hallucinate fake packages, leading to slopsquatting attacks where hackers inject malware. Vibe coding increases the risk. Always verify dependencies suggested by AI.
#AISecurity #SupplyChain #DevSecOps
Going Live in 15 Minutes — Come Join Us!
I’m about to tune in for a live ITSPmagazine webinar that dives into a topic I truly care about:
Secure Coding = Developer Empowerment
It’s not just about reducing risk — it’s about investing in developers, boosting velocity, and building better software from the start.
Today – April 18
Hosted by ITSPmagazine
In partnership with Manicode Security
Jim Manico
Jimmy Mesta 
Sean Martin, CISSP
Will be talking about:
Why most developers never get proper secure coding training
How to get leadership buy-in for better dev security
Why this isn’t just security—it’s a career boost
If you’ve got time, join us live. If not, watch it on demand. Either way, it’s a conversation worth having.
Join here:
#ApplicationSecurity, #DeveloperEmpowerment, #SecureCoding, #DevSecOps, #softwaresecurity, #cybersecurity, #infosec, #ITSPmagazine
Are you looking for a new remote job? Browse 400+ remote positions from open source companies including @acquia @grafana @mozilla @wikimediafoundation and more on #OSJH
https://opensourcejobhub.com/jobs/?q=remote&utm_source=mosjh
#career #OpenSource #engineer #sales #security #marketing #CloudNative #developer #DevSecOps #SRE #FOSS
A tiny flaw, a massive heist. CTO Paul Edward shares his harrowing experience with race conditions at #DevConf2025. Live demos, real code examples, and hard-earned lessons from a security expert who's seen the worst-case scenario firsthand. #AppSecurity #DevSecOps
The #KubeCon recordings are now on YouTube! We'll be posting links to all the #OpenPolicyAgent related ones as we watch them. First out is the #OPA maintainer track session, where @charlieegan3 and @anderseknert give a short introduction to OPA and Rego, followed by a deep-dive into recent performance improvements, and a sneak peek at the project roadmap. Check it out!
The Landmark Admin Data Breach: A Wake-Up Call for Cybersecurity in the Insurance Sector
The recent data breach at Landmark Admin, affecting over 1.6 million individuals, highlights significant vulnerabilities within the insurance industry's cybersecurity frameworks. As third-party admini...
Big news! 
ActiveState has hit a critical milestone in Java support, reinforcing our leadership in intelligent remediation for vulnerability management.
With expanded Java coverage, we’re empowering enterprises to:
Proactively manage vulnerabilities Strengthen their software supply chains Accelerate secure development
Learn how this milestone is transforming open source security: https://www.prnewswire.com/news-releases/activestate-hits-critical-coverage-milestone-for-java-support-reinforcing-leadership-in-intelligent-remediation-for-vulnerability-management-302429210.html?tc=eml_cleartime
Last day to RSVP for our April meetup thanks to Wellington (location sponsor) and Black Duck (food sponsor)! Come hear Nikunj Doshi talk about Chaos Engineering and Benny Ma give us some insights on maturing #devsecops. RSVP at https://www.meetup.com/the-boston-security-meetup/events/307186949/ . RSVP closes tonight! #appsec #Infosec #security
El lado del mal - Cómo servir modelos de ML e IA (LLMs) en Kubernetes con KServe: Autoscaling Inteligente y Eficiencia en GPU https://www.elladodelmal.com/2025/04/como-servir-modelos-de-ml-e-ia-llms-en.html #IA #AI #LLM #InteligenciaArtificial #SecDevOps #Axebow #DevOps #DevSecOps #MachineLearning #ML
Are you ready for #OWASP Global #AppSec EU? Be part of the action as a volunteer! Your contribution can make a real impact. Fill out the form today to join something incredible! Don't miss out, sign up here: https://owasp.wufoo.com/forms/z1jihpei0ws2e3v/ #devsecops #threatmodeling #infosec
Researchers found a novel supply chain threat in GitHub Copilot and Cursor: attackers can inject hidden prompts in config files to manipulate AI-generated code, creating persistent, invisible backdoors. A new frontier in poisoning the dev pipeline.
