A walk through of how an attacker gained access to a customer's GCP environment, Expel's investigative process, and some key takeaways for securing your organization.

The Sigstore project has created a new tool called Gitsign, which aims to bring the best of Sigstore to Git with "keyless" signing and transparency log support, making it easy to get started with signing without the need to generate and manage long-term keys.

Post introducing a small command line utility (spiffe-vault) that enables a whole bunch of usecases like: Secretless deployments, Keyless codesigning, Keyless encryption.

Wiz Research details how cloud middleware use across cloud service providers can expose customers' virtual machines to new attack vectors.

This blog describes the technical details of SynLapse, a critical Synapse Analytics vulnerability in Microsoft Azure which allowed attackers to bypass tenant separation.

The Aqua Security team found that tens of thousands of user tokens are exposed via the Travis CI API, which allows anyone to access historical clear-text logs. More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other credentials associated with popular cloud service providers such as GitHub, AWS, and Docker Hub.

With this analysis, Tempest researchers identified at least 41 actions that can lead to improper data access.

Rego is the purpose-built declarative policy language that supports Open Policy Agent (OPA). It's used to write policy that is easy to read and easy to write.

A post going through a few top rules and best practices in AWS IAM.

Cilium HA Egress Gateway can integrate legacy applications with Kubernetes based workloads, by allowing you to specify which nodes should be used by a pod to reach the outside world.

A tool to simulate Amazon EC2 instance metadata.

mirrord lets you easily mirror traffic from your production environment to your development environment.

SOCless is a serverless framework built to help security teams easily automate their incident response and operations workflows.

On July 5, 2022, the AWS managed policy AWSConfigRole will be deprecated. It will continue working for all currently attached users, groups, and roles. However, after July 5, 2022, the AWSConfigRole managed policy can't be attached to any new users, groups, or roles.

This workshop takes you through some of the best practices and available AWS services and features for creating a boundary around your resources in AWS.

How to leverage Amazon CodeGuru Reviewer Command Line Interface (CLI) to integrate CodeGuru Reviewer into your Jenkins Continuous Integration & Continuous Delivery (CI/CD) pipeline.

Confidential GKE Nodes keep data encrypted in memory with a node-specific dedicated key that solely resides in the processor.

Google announced gcpdiag, an open source tool to detect configuration issues in Google Cloud projects, maintained by Google Cloud Support team and with contributions from the open source community.

A bird's eye view of Google Cloud infrastructure security and some services that help protect your infrastructure in Google Cloud.

It is now possible to delegate and distribute Cloud DNS zone management responsibilities to your application teams.

Web Application Firewall (WAF) policy management in Azure Firewall Manager is now generally available.