DevOps Security
Mapping the Unknown: Introducing Pius for Organizational Asset Discovery
n8n-publisher | | Attack Surface Management, Offensive Security, open source, Open Source Tools, Red Team, Tools & Techniques, Uncategorized
Asset discovery is an essential part of Praetorian’s service delivery process. When we are engaged to carry out continuous external penetration testing, one key action is to build and maintain a thorough ...
Your SOC Doesn’t Need More Tools. It Needs Fewer.
Shriram Sharma | | AI-Autonomous SOC, attack path discovery, Autonomous SOC, CISO, Integration Drift, Morpheus AI, security operations, Security Vendor Consolidation, SOAR, SOC Operations, SOC Tool Sprawl
The average SOC manages 83 security tools from nearly 30 vendors. Why the smartest CISOs are consolidating their security operations, and how D3 Morpheus makes it possible without compromising coverage.
Latest OpenClaw Security Risk: Fake GitHub Repositories Used to Deploy Infostealers
Jeffrey Burt | | Bing AI search, GhostSocks malware, GitHub repository, Huntress cybersecurity findings, infostealer malware, macOS threats, OpenClaw, Windows threats
Huntress researchers said actors used a malicious repository on GitHub to lure victims into downloading a bogus OpenClaw installer that delivered infostealer malware and the GhostSocks proxy. The fake installer was given ...
Security Boulevard
Shift Left Has Shifted Wrong: Why AppSec Teams – Not Developers – Must Lead Security in the Age of AI Coding
Bruce Fram | | agent-managed development, AI coding assistants, AI Generated Code, Application Security, AppSec, automated remediation, broad shift left, CI/CD Security, CISO, Compliance, DAST, developer experience, DevSecOps, false positives, narrow shift left, pull-request fixes, SAST, Secure Development, security automation engineers, Security Triage, shift left, vulnerability backlog, Vulnerability Remediation
Narrow “shift left” has failed at AI scale. Move from developer-led fixes to AppSec-managed automation that triages findings and delivers tested pull-request fixes so teams can safely manage AI-generated code ...
6 Minutes and a Prayer: The Math Your SOC Doesn’t Want You to See
Shriram Sharma | | AI-Autonomous SOC, Alert Fatigue, alert triage, attack path discovery, Autonomous SOC, CISO, cybersecurity workforce shortage, MITRE ATT&CK, Morpheus AI, security operations, SOAR, SOC Analyst Burnout, SOC Operations, threat detection
Your SOC can't triage every alert — the math proves it. See why 75% of alerts go uninvestigated and how AI-autonomous triage closes the gap.
The Evolution of OSS Index in the Age of AI
Mitchell Johnson | | AI, Artificial Intelligence, dependencies, Development, open source, Open Source Security, oss index, Sonatype Guide
In the past 12 months, enterprise software development has changed faster than at any other point in our lifetime ...
Latest OpenClaw Flaw Can Let Malicious Websites Hijack Local AI Agents
Jeffrey Burt | | agentic AI security threats, AI agent, cisco, ClawJacked, Gartner, localhost, Oasis Security, OpenClaw, takeover
Oasis Security researchers find another security problem with the OpenClaw autonomous AI agent, uncovering a vulnerability dubbed "ClawJacked" that allows malicious websites to silently take full control of a developer's system and ...
Modern Vulnerability Management in the Age of AI
Aaron Linskens | | AI, Artificial Intelligence, open source, Open Source Intelligence, security, Security Vulnerabilities, Vulnerabilities
Vulnerability management today is not failing because teams stopped scanning. It's failing because the ground underneath it shifted. The approach we've relied on — complete advisory data, upstream fixes on demand, and ...
SOAR Is Costing More Than You Think
SOAR's real cost isn't license plus runtime. It's integration maintenance, playbook engineering, and analyst time. Here's how to find the number you're actually paying.
There’s Always Something: Secrets Detection at Engagement Scale with Titus
Josh Endres | | AI Security, open source, Open Source Tools, Tools & Techniques, Vulnerability Research
TL;DR: Titus is an open source secret scanner from Praetorian that detects and validates leaked credentials across source code, binary files, and HTTP traffic. It ships with 450+ detection rules and runs ...




