Trending

#opensourcesecurity

Latest posts tagged with #opensourcesecurity on Bluesky

Latest Top

Posts tagged #opensourcesecurity

danielryanreiff.bsky.social
danielryanreiff.bsky.social
@danielryanreiff.bsky.social
10 hours ago
Preview
Project Glasswing Has Big Tech United. Where's Cloudflare? | Squeakworks Anthropic's Claude Mythos found thousands of zero-days. Apple, Microsoft, Google joined the coalition. One major name is missing. Here's why that matters.

Project Glasswing Has Big Tech United on Security. One Name Is Missing.

#ProjectGlasswing #Cybersecurity #AI #Anthropic #ClaudeMythos #Cloudflare
#OpenSourceSecurity #ZeroDay #InfoSec #AIethics #TechNews

squeakworks.com/blog/project...

1 0 0 0
Cybersecurity News Everyday
Cybersecurity News Everyday
@hendryadrian.bsky.social
2 days ago
Preview
North Korean Hackers Target High-Profile Node.js Maintainers North Korean threat actor UNC1069 ran a targeted social engineering campaign against multiple high-profile Node.js maintainers that resulted in two malicious package versions being briefly published to the NPM registry and likely installed by millions. Attackers used staged Slack and Teams meetings, built convincing infrastructure, and delivered a RAT via a...

North Korean threat actor UNC1069 executed a social engineering campaign targeting Node.js maintainers, resulting in two malicious packages briefly published to NPM and likely downloaded by millions. #NorthKorea #NodeJS #OpenSourceSecurity

0 0 0 0
Syft
Syft
@syftproject.bsky.social
6 days ago
Post image

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=diRrt9HJRZU

0 0 0 0
Grype
Grype
@grypeproject.bsky.social
6 days ago
Post image

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=diRrt9HJRZU

0 0 0 0
Manuel Bissey
Manuel Bissey
@mbissey.bsky.social
1 week ago
Preview
Top npm package backdoored to drop dirty RAT on dev machines Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios

A backdoored Axios npm package delivered a RAT - another reminder that even trusted libraries can turn into attack vectors. Verify before you trust. 📦⚠️ #OpenSourceSecurity #SupplyChainRisk

0 0 0 0
Bob Carver
Bob Carver
@cybersecboardrm.bsky.social
1 week ago
Post image

AI Supply Chain Security: Why Trust Is Your Biggest Vulnerability
youtu.be/RrzJPOGjI4M #CyberSecurity #AISecurity #ArtificialIntelligence #MachineLearning #SupplyChainSecurity #AIThreats #Infosec #DataSecurity #OpenSourceSecurity #CloudSecurity #RiskManagement #AIGovernance

1 0 0 0
Always Further, Inc
Always Further, Inc
@alwaysfurther.ai
2 weeks ago
Preview
MCP and Agent security with Luke Hinds Josh talks to Luke Hinds, CEO of Always Further, about MCP and agent security. We start out talking about Luke’s new tool, nono which is a sandboxing tool that has AI agents in mind as a use case. We ...

@josh.bressers.name put it well: MCP is moving faster than anyone can keep up with.
@lukehinds.bsky.social joined #OpenSourceSecurity to dig into why agent security is structurally hard and what kernel-level sandboxing nono.sh actually solves.
Episode: opensourcesecurity.io/2026/2026-03...

2 2 0 0
Caleb Faruki
Caleb Faruki
@kleb.cyberplace.social.ap.brid.gy
2 weeks ago
Original post on cyberplace.social

Airlock v0.3.0: command modules are now opt-in.

Airlock already shipped hardened deny rules per tool and scoped each container via profiles. Now there's a third layer: no command loads unless the operator enables it.

SSH is worth calling out. It's remote code execution with real keys. If you […]

0 1 0 0
Syft
Syft
@syftproject.bsky.social
2 weeks ago
Post image

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=O5ewVqmClYo

0 0 0 0
Grype
Grype
@grypeproject.bsky.social
2 weeks ago
Post image

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=O5ewVqmClYo

0 0 0 0
AI Daily Post
AI Daily Post
@aidailypost.com
3 weeks ago
Post image

Alpha‑Omega teams up with OpenSSF to boost open‑source security against AI‑driven attacks. New funding means faster vulnerability detection for maintainers. Curious how Google DeepMind fits in? Dive in! #OpenSourceSecurity #AIThreats #OpenSSF

🔗 aidailypost.com/news/alpha-o...

3 0 0 0
Josh Bressers
Josh Bressers
@josh.bressers.name
3 weeks ago
Preview
MCP and Agent security with Luke Hinds Josh talks to Luke Hinds, CEO of Always Further, about MCP and agent security. We start out talking about Luke’s new tool, nono which is a sandboxing tool that has AI agents in mind as a use case. We ...

I had a chat on #OpenSourceSecurity with @lukehinds.bsky.social about his project nono as well as MCP security

nono is a sandbox for containing all these tools which is an incredibly difficult problem to solve. The things we see skills and MCP doing are moving forward faster than anyone can keep up

5 1 0 1
Grype
Grype
@grypeproject.bsky.social
3 weeks ago
Post image

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=0GtI0pEWpzI

0 0 0 0
Syft
Syft
@syftproject.bsky.social
3 weeks ago
Post image

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=0GtI0pEWpzI

0 0 0 0
BaseFortify.eu
BaseFortify.eu
@basefortify.bsky.social
4 weeks ago

📦 Installing a single package can introduce dozens of dependencies.

Attackers exploit this through typosquatting, malicious packages, and compromised maintainers.

ENISA’s advisory highlights why dependency visibility is becoming critical.

#CyberSecurity #SoftwareSupplyChain #OpenSourceSecurity

0 0 1 0
Josh Bressers
Josh Bressers
@josh.bressers.name
4 weeks ago
Preview
The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer Josh talks to Paul Kehrer and Alex Gaynor, from the Python Cryptographic Authority. Alex and Paul recently published a statement discuss the challenges posed by modern OpenSSL. We discuss the statemen...

This week on #OpenSourceSecurity I had a chat with Paul Kehrer and Alex Gaynor about the statement they published discussing the challenges posed by modern OpenSSL for the python cryptography module

1 2 0 0
CIO.com
CIO.com
@cio.com
1 month ago
A man with glasses and a white patterned shirt is smiling with his hand near his chin. He has a bald head and light skin.

A man with glasses and a white patterned shirt is smiling with his hand near his chin. He has a bald head and light skin.

Marcin Wyszynski warns that open source isn’t the feel‑good story many think. It’s a survival strategy.
Read why teams betting on “free” tools need to rethink risk now:
spr.ly/63329h4jPX

#FoundryExpert #OpenSourceSecurity #SoftwareSupplyChain

0 0 0 0
Josh Bressers
Josh Bressers
@josh.bressers.name
1 month ago
Preview
Rust coreutils with Sylvestre Ledru Josh talks to Sylvestre Ledru about the Rust coreutils project. We’ve been using GNU coreutils for decades now, and the goal of Rust coreutils is to rewrite these utilities in Rust. The primary reason...

I had a chat on #OpenSourceSecurity with @sylvestreledru.bsky.social about his Rust coreutils work

Replacing coreutils with Rust is one of those things that I love as a way to improve security but also keep a project fresh in the modern age

I learned a ton from this disucssion

2 1 0 0
roxsross
roxsross
@roxsross.bsky.social
1 month ago

⚠️ El desarrollo con IA lleva el riesgo del código abierto al límite

La IA acelera el desarrollo, pero multiplica los riesgos de seguridad

devops.com/ai-fueled-development-pu...

#OpenSourceSecurity #BlackDuckOSSRA #VulnerabilityManagement #RoxsRoss

1 0 0 0
Syft
Syft
@syftproject.bsky.social
1 month ago
Post image

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=FazSzP_Kty4

0 0 0 0
Grype
Grype
@grypeproject.bsky.social
1 month ago
Post image

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=FazSzP_Kty4

0 0 0 0
Eric Gallagher | SecuringTheBackbone.com
Eric Gallagher | SecuringTheBackbone.com
@ericgallagher.bsky.social
1 month ago

Full breakdown in this week's Securing the Backbone. Link below. 👇

www.linkedin.com/pulse/securi...

#DevSecOps #SoftwareSupplyChain #OpenSourceSecurity #CyberSecurity

1 0 0 0
Josh Bressers
Josh Bressers
@josh.bressers.name
1 month ago
Preview
Goose and the Agentic AI Foundation with Brad Axen Josh chats with Brad Axen from Block about his creation Goose as well as the Agentic AI Foundation (AAIF). I am quite skeptical of many AI claims, but Brad has a very pragmatic view about where things...

This week on #OpenSourceSecurity I chat with Brad Axen about Goose and the Agentic AI Foundation

I'm often skeptical about AI claims, but I do approve the foundation model and seeing Goose donated to it

0 0 0 0
Syft
Syft
@syftproject.bsky.social
1 month ago
Post image

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=-Unu5gZ8Cxc

0 0 0 0
Grype
Grype
@grypeproject.bsky.social
1 month ago
Post image

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=-Unu5gZ8Cxc

0 0 0 0
Can
Can
@canyesilyurt.com
1 month ago

Love that GitHub's investing in open source security for AI tools. Keeping those foundational projects safe means fewer Log4Shell nightmares down the line. 🛡️ #OpenSourceSecurity #AI

0 0 0 0
Jeff Bailey
Jeff Bailey
@jeffbailey.us
1 month ago
Preview
What Is SBOM? SBOM is a Software Bill of Materials listing all components in software. Understand why it exists, how it works, and its role in software supply chains.

The software supply chain is already broken. SBOMs help you see where.

Learn how to make software visibility your first step.

jeffbailey.us/blog/2026/02...

#Software #SBOM #SoftwareSupplyChain #AppSec #OpenSourceSecurity #DevSecOps #OSS #SRE #PlatformEngineering

0 0 0 0
Jeff Bailey
Jeff Bailey
@jeffbailey.us
1 month ago
Preview
What Is an OSPO? An Open Source Program Office (OSPO) coordinates strategy, compliance, and contributions. Learn what an OSPO is, why it exists, and how it works.

Legal, security, and devs walk into a bar. The OSPO keeps it from burning down.

Learn how OSPOs coordinate teams that could easily talk past each other.

jeffbailey.us/blog/2026/02...

#OpenSource #OSPO #SoftwareGovernance #SoftwareSupplyChain #RiskManagement #OpenSourceSecurity

1 0 0 0
roxsross
roxsross
@roxsross.bsky.social
1 month ago

🔥 Tachan de "incendio" de seguridad a OpenClaw, pero hay una forma de protegerse

Un análisis de Snyk revela graves fallos en ClawHub. Te contamos cómo mitigarlos.

https://thenewstack.io/deno-sandbox-security-secrets/

#OpenSourceSecurity #SupplyChain #Snyk #RoxsRoss

0 0 0 0
TechNadu
TechNadu
@technadu.com
1 month ago
15 OpenClaw Security Flaws Disclosed as AI Agent Platform Sees Rapid Enterprise Adoption Researchers disclosed 15 new OpenClaw vulnerabilities, including a critical authentication bypass, as the fast-growing agent spreads across enterprises.

Read more:
www.technadu.com/15-openclaw-...

Do you think AI agent frameworks are being deployed too quickly in production environments? Comment your opinion below.
#CyberSecurity #AIAgents #DevSecOps #OpenSourceSecurity #AccessControl

0 0 0 0