Gonçalo Valério
Full-stack developer with special interest in cybersecurity. Advocate of a free and safe Internet. Nature admirer and sports enthusiast.

"Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution"

https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv

#security #cybersecurity #git

"Breaking DKIM and BIMI in 2024"

https://16years.secvuln.info/

#security #email #debian #dkim #infosec

"PostgreSQL Database Security Assessment Tool"

https://github.com/HexaCluster/pgdsat

#security #databases #postgresql

"Uncovering potential threats to your web application by leveraging security reports"

https://security.googleblog.com/2024/04/uncovering-potential-threats-to-your.html

#security #web #browsers #frontend #webdev

"Passkey Implementation ... – Misconceptions, Pitfalls and Unknown Unknowns"

https://www.corbado.com/blog/passkey-implementation-pitfalls-misconceptions-unknowns

#authentication #passkeys #webauthn

"Pydantic: Simplifying Data Validation in Python"

https://realpython.com/python-pydantic/

#python

"10 Things Your First Security Hire Shouldn’t Do"

https://ramimac.me/ten-things

#security #infosec #cybersecurity #startups

"Exploring the Latest Security Features in Ubuntu 24.04"

https://mondoo.com/blog/exploring-the-latest-security-features-in-ubuntu-24-04

#security #infosec #cybersecurity #ubuntu

"tl;dr Postman, the popular API testing platform, hosts the largest collection of public APIs. Unfortunately, it’s become one of the largest public sources of leaked secrets. We estimate over 4,000 live credentials are currently leaking publicly on Postman for a variety of popular SaaS and cloud providers."

https://trufflesecurity.com/blog/postman-carries-lots-of-secrets

#security #api #postman #apikeys #cybersecurity

"So do yourself a favour. Get something like bitwarden or if you like self hosting get vaultwarden. Let it generate your passwords and manage them. If you really want passkeys, put them in a password manager you control. But don't use a platform controlled passkey store, and be very careful with security keys."

https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/

Sad to read this.

#passkeys #webauth #authentication #passwordmanagers

"S3 Bucket Encryption Doesn't Work The Way You Think It Works"

https://blog.plerion.com/s3-bucket-encryption-doesnt-work-the-way-you-think-it-works/

#security #encryption #aws #s3

"Security Principles Stand the Test of Time"

https://lcisec.com/posts/2024/03/security-principles-stand-the-test-of-time

#security #cybersecurity #infosec

Flatpak: "Sandbox escape via RequestBackground portal and CWE-88"

https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj

#security #flatpak #linux

"Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers"

https://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/

#security #infosec #android #element #matrix

"Django: Write-up on optimizing the system check framework"

https://adamj.eu/tech/2024/03/23/django-optimizing-system-checks/

#python #django