Threat Detection in Kubernetes with Falco
Finding out there is "suspicious activity" in your infrastructure is enough to make any DevOps engineer's heart rate spike. If you’re running containe…
Security in a cloud-native environment is only as strong as its weakest link. A recent security audit revealed a critical gap: container images were b…
Cilium runs in the kernel-level network path in millions of Kubernetes pods, from cloud providers to the in-house clusters of banks and telecoms. If…
Hello, Habr! My name is Artyom Berdashkevich, and I head the DevSecOps practice at Positive Technologies. Today I want to talk about a topic that over the years…
I run Debuggix, a free security scanner that runs 9 engines in parallel. For Episode 3 of our "Verified or Not" series, we scanned Kubernetes Goat — a…
In 2022–2024, Western CNAPP platforms (Wiz, Prisma Cloud, Lacework) cut off access for Russian companies. Sber and Yandex cobbled together their own stack…
If you think the security risk of AI coding agents (Claude Code, Cursor, Gemini CLI) is "the model goes rogue and runs a dangerous command," the serio…
You open your vulnerability dashboard on a Monday morning and see 47 critical CVEs across 12 assets. By Thursday, your team has patched 11 of the 12 a…
Open source repository: https://github.com/arijeetganguli/agentra PyPI: https://pypi.org/project/agentra/ AI coding agents are becoming part of everyd…
If you're still testing LLM guardrails by hand — retyping variations in a chat tab, logging results in a notebook, eyeballing responses — you're leavi…
Wire Fire — Episode 02 On 18 May 2026 an attacker published a poisoned version of a popular Visual Studio Code extension. It was live for roughly elev…
On May 14, 2026, GitGuardian found what looked like leaked CISA secrets in a public GitHub repository named Private-CISA. It held 844 MB of data acros…
Part I: The root cause - the Mini Shai-Hulud attack on the TanStack ecosystem Supply chain as an attack vector On May 11, 2026, between 19:20 and 19:26…
The Agent That Created 107 PRs (And Why That Was the Problem) One of our leaders has a way of framing AI initiatives that I find genuinely useful. Thr…
Spoiler: both, but in different ways - and that is important to understand. Every time we hear "our security is fine, we're not a bank, after all," something inside us tightens…
Digital Signatures: The “Trust Me Bro” Detector for Junior Cybersecurity Engineers Subtitle: How digital signatures help prove who signed something, w…
A Practical Terraform Security Review with Codex and Claude Code A Terraform repository is not just code. It is a map of your cloud control plane. It …
This article was originally published on LucidShark Blog. On February 17, 2026, a developer opened a GitHub issue on the Cline repository. The issue …
Enterprise cloud security tools like Wiz, Prisma Cloud, and Microsoft Defender for Cloud cost upwards of $500,000 per year. Most organisations running…
As developers and system architects, we often secure our code but neglect the silent threats lurking in old directories or clever obfuscations. Recent…
Security that happens after deployment is already too late. By the time a quarterly penetration test discovers hardcoded secrets, vulnerable container…
This is a technical deep dive into the cryptography behind Ennote's enterprise architecture. You can read the original full-length post on our enginee…
"We had two bags of SAST findings, seventy-five CVEs rated Critical, five duplicates of the same CVE in different services, half a salt shaker of fa…
You just ran a dependency scan and the report shows 133 vulnerabilities. 34 are Critical. 68 are High. The dashboard is red, the backlog is exploding,…
Hello everyone, this is Solar appScreener! In this article we describe our experience of using AI in our own product. AI agents have already become…
What if your Kubernetes cluster simply refused to run unsigned images? I spent some time experimenting with enforcing image provenance in a small Kube…
Most teams I have worked with have one auth test in their suite. It looks like this: test('valid token verifies', () => { const token = signSy…
The on-call alert at 02:14 said auth_5xx_rate spiked from 0.01 to 31.4. Not a deploy window. Not a traffic spike. Just thirty-one percent of authenti…
Your auth tests pass. Your token verification works. Then your identity provider rotates a key at 02:47, your service hasn't refreshed its JWKS cache …