Great blog from Square, on how they built a custom solution for #Kubernetes guardrails on top of Open Policy Agent. This is a perfect example of the flexibility OPA provides organizations to solve the most advanced use cases!

https://developer.squareup.com/blog/kube-policies-guardrails-for-apps-running-in-kubernetes/

Cyber threat: AI code assistants are opening up new supply chain vulnerabilities.

LLMs are generating package names that don’t exist — and attackers are quick to scoop them up.
This tactic — dubbed slopsquatting — is as clever as it is dangerous.

Fake package names created by AI
Threat actors publish malicious lookalikes
Developers unknowingly install backdoors
The fix: verify everything, especially autogenerated code

This is where secure coding and secure prompting must intersect.

#AI #DevSecOps #SoftwareSupplyChain #CyberSecurity #AIInDevelopment
https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/

-> https://github.com/github/audit-actions-workflow-runs

This looks super useful for auditing when, and what was used.
Great for security hygiene and investigating potential incidents within your CI/CD pipelines.
#devsecops #github #security #automation #devsecops

Excited for #OWASP Global #AppSec EU in May? Elevate your experience with mentoring! Join us as a Mentor and create a year long connection helping others! Get involved here: https://owasp.wufoo.com/forms/zk2cdkr1qla6o8/ #CyberSecurity #AI #threatmodeling #Barcelona #devsecops #infosec

AI-generated code is fast—but is it secure?

In this Redefining CyberSecurity episode, we talk vibe coding, developer responsibility, and why security teams need to assume they already have AI-built code in their stack.

Featuring Izar Tarandach + Sean Martin on @ITSPmagazine

Watch here: https://youtu.be/Lv2NTAj3WIY

Are you ready for #OWASP Global #AppSec EU? Be part of the action as a volunteer! Your contribution can make a real impact. Fill out the form today to join something incredible! Don't miss out, sign up here: https://owasp.wufoo.com/forms/z1jihpei0ws2e3v/ #devsecops #threatmodeling #infosec

Going Live in 15 Minutes — Come Join Us!

I’m about to tune in for a live ITSPmagazine webinar that dives into a topic I truly care about:

Secure Coding = Developer Empowerment

It’s not just about reducing risk — it’s about investing in developers, boosting velocity, and building better software from the start.

Today – April 18

Hosted by ITSPmagazine

In partnership with Manicode Security

Jim Manico

Jimmy Mesta

Sean Martin, CISSP

Will be talking about:

Why most developers never get proper secure coding training

How to get leadership buy-in for better dev security

Why this isn’t just security—it’s a career boost

If you’ve got time, join us live. If not, watch it on demand. Either way, it’s a conversation worth having.

Join here:

https://www.crowdcast.io/c/secure-coding-equals-developer-power-how-to-convince-your-boss-to-invest-in-you-an-itspmagazine-webinar-with-manicode-security-ad147fba034a

#ApplicationSecurity, #DeveloperEmpowerment, #SecureCoding, #DevSecOps, #softwaresecurity, #cybersecurity, #infosec, #ITSPmagazine

Are you looking for a new remote job? Browse 400+ remote positions from open source companies including @acquia @grafana @mozilla @wikimediafoundation and more on #OSJH
https://opensourcejobhub.com/jobs/?q=remote&utm_source=mosjh
#career #OpenSource #engineer #sales #security #marketing #CloudNative #developer #DevSecOps #SRE #FOSS

A tiny flaw, a massive heist. CTO Paul Edward shares his harrowing experience with race conditions at #DevConf2025. Live demos, real code examples, and hard-earned lessons from a security expert who's seen the worst-case scenario firsthand. #AppSecurity #DevSecOps

The #KubeCon recordings are now on YouTube! We'll be posting links to all the #OpenPolicyAgent related ones as we watch them. First out is the #OPA maintainer track session, where @charlieegan3 and @anderseknert give a short introduction to OPA and Rego, followed by a deep-dive into recent performance improvements, and a sneak peek at the project roadmap. Check it out!

https://www.youtube.com/watch?v=XtA-NKoJDaI

The Landmark Admin Data Breach: A Wake-Up Call for Cybersecurity in the Insurance Sector

The recent data breach at Landmark Admin, affecting over 1.6 million individuals, highlights significant vulnerabilities within the insurance industry's cybersecurity frameworks. As third-party admini...

https://news.lavx.hu/article/the-landmark-admin-data-breach-a-wake-up-call-for-cybersecurity-in-the-insurance-sector

El lado del mal - Cómo servir modelos de ML e IA (LLMs) en Kubernetes con KServe: Autoscaling Inteligente y Eficiencia en GPU https://www.elladodelmal.com/2025/04/como-servir-modelos-de-ml-e-ia-llms-en.html #IA #AI #LLM #InteligenciaArtificial #SecDevOps #Axebow #DevOps #DevSecOps #MachineLearning #ML

Are you ready for #OWASP Global #AppSec EU? Be part of the action as a volunteer! Your contribution can make a real impact. Fill out the form today to join something incredible! Don't miss out, sign up here: https://owasp.wufoo.com/forms/z1jihpei0ws2e3v/ #devsecops #threatmodeling #infosec

Supercharge Your DevSecOps with Wazuh: The Open Source XDR Solution

In an era where security breaches are rampant, integrating security into the DevOps pipeline is no longer optional. Wazuh, an open-source XDR platform, enhances DevSecOps by providing comprehensive mo...

https://news.lavx.hu/article/supercharge-your-devsecops-with-wazuh-the-open-source-xdr-solution