Thomas Segura (@thomassegura13) 's Twitter Profile
Thomas Segura

@thomassegura13

Tech Content Writer
Clojure lover - unleash the power of the λ 🪄 🧙

ID: 1404808511146627083

15-06-2021 14:30:31

130 Tweets

75 Followers

433 Following

Matt Johansen (@mattjay) 's Twitter Profile Photo

The Okta hack that keeps on giving! Cloudflare announced a new data breach today in its continued battle against creds stolen during a previous Okta hack. Let's dig in:

Maddyness (@bymaddyness) 's Twitter Profile Photo

Are the fears about the EU's Cyber Resilience Act justified? An op-ed by Thomas Segura, cybersecurity specialist at GitGuardian. 👇 maddyness.com/2024/02/12/les…

Ben Rothke (@benrothke) 's Twitter Profile Photo

Really good analysis by Thomas Segura & Dwayne McDaniel of GitGuardian on how stolen @Okta authentication tokens led to the Cloudflare breach. Breach illustrates the threat of secrets sprawl: sensitive data spread across many platforms w/o adequate #infosec. cybersec.gitguardian.com/s/the-secret-s…

Ted Gioia (@tedgioia) 's Twitter Profile Photo

Every year, I publish a State of Culture report. This year something disturbing is happening. I used to worry about the trade-off between art and entertainment—but now a third option threatens to overwhelm both.

Tomáš Kafka (@tomaskafka) 's Twitter Profile Photo

@levelsio What a cognitive dissonance. With an instant response, it no longer feels like a conversation, human becomes a slow ant for whom the machine impatiently waits. I am surprised by how much I dislike this feeling and would prefer artificial slowdown.

Thomas Segura (@thomassegura13) 's Twitter Profile Photo

Nearly 2 out of 3 AWS organizations are still using long-lived credentials for authentication in their CI/CD pipelines. Read Datadog, Inc.’s DevSecOps study to learn more: datadoghq.com/report/facts/s…

AJ Stuyvenberg (@astuyve) 's Twitter Profile Photo

AWS needs to stop charging for 4xx requests to s3 buckets immediately. In GitHub there are 63k references to us-east-1 buckets alone. Anyone can start racking up massive bills for these users with a simple PUT request! This is insane: medium.com/@maciej.pocwie…

Filip Piekniewski🌻 🐘:@filippie509@techhub.social (@filippie509) 's Twitter Profile Photo

Computer science used to be about making the most useful result out of the least amount of compute. But now due to AI it turned into the exact opposite: use the most amount of compute to accomplish the dumbest piece of questionable result. The dumber and more compute, the better.

C.J. May (@lawndoc) 's Twitter Profile Photo

This was the result of the classic pull_request_target trigger + checking out the forked repo's code. If you want details on how this works, you can check out the webinar I did with GitGuardian in 2022 where I walk through how to perform this exploit. youtu.be/f_gBWAPwjug

IT SOCIAL (@itsocial_fr) 's Twitter Profile Photo

#Security and #privacy concerns with #GitHub #Copilot: understanding the risks and best practices itsocial.fr/cyber-securite… Thomas Segura GitGuardian

Infisical (@infisical) 's Twitter Profile Photo

🧵 Self-hosting is trending in 2025, but one security challenge remains: managing sensitive credentials. Here's how to use Infisical to secure your #homelab👇 (1/6)

Vlad Matsiiako (@matsiiako) 's Twitter Profile Photo

Most MCP servers need to juggle API keys, database credentials, and other secrets to function properly. Yet, I'm seeing most people not know how to secure them and even hardcode secrets for their MCP implementations. From now on, you can now manage it easily with Infisical.

Julien Briault 🩷💿💜 (@ju_hnny5) 's Twitter Profile Photo

Yesterday, I had the chance to give a talk on Infisical at DevoxxFR. 🤘 For those who are interested, here are the slides and the code: 👉🏼 speakerdeck.com/ju_hnny5/devox… 👀 github.com/juhnny5/Devoxx…

Kun Chen (@kunchenxyz) 's Twitter Profile Photo

this is why AI is both amazing and a slop machine at the same time

the differentiating factor is not AI. it's the human steering it

AI does two things
- it raises the floor of human capability. anyone can now code, design, and create stuff
- it amplifies the human

when the