A list of vendors that don't prioritize high-quality, widely-available audit logs for security and operations teams.

An overview of malware in cloud storage buckets and mitigation best practices.

A deep dive into the inner workings of GCP Workload Identity Federation, taking a look at risks and how to avoid misconfigurations.

A technical review of IMDSv2.

How to secure Kubernetes Ingress resources by adding TLS and then procuring TLS/SSL certificates.

Have you ever wondered how to set up a cluster of thousands of nodes just in seconds, how to simulate real nodes with a low resource footprint, and how to test your Kubernetes controller at scale without spending much on infrastructure? If you answered "yes" to any of these questions, then you might be interested in KWOK, a toolkit that enables you to create a cluster of thousands of nodes in seconds.

Policy Exceptions are a way to provide even more control over which resources get excluded from the scope of a policy but, most importantly, they allow decoupling of the policy from those exclusions.

The containerd project completed a comprehensive fuzzing audit which added 28 fuzzers covering a wide range of container runtime functionality. During this audit a vulnerability was uncovered in the OCI image importer.

This CLI tool makes it easy to deploy a static website to AWS. It builds and hosts the website, sets up a CDN and DNS, and provisions an SSL certificate.

Create notes during a security code review in VSCode, import your favorite SAST tool findings, and collaborate with others.

Flags malicious and vulnerable open-source dependencies in your software supply-chain.

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets.

Using these three actions, you can assemble a workflow to create, use, and destroy infrastructure managed by Terraform Cloud.

Some notes on Security Groups, ACLs, and VPC Flow Logs.

Post focusing on Security Hub, is a cloud security posture management service that SOC teams can use to perform security best practice checks and aggregate alerts.

Several industry-standard mechanisms can help prevent your domain from being used as part of a phishing attack.

Google Cloud has released a guide on best practices to help you migrate firewall rules from VPC firewall rules to network firewall policies.

How to use a score-based evaluation during the pre-provisioning stage.

You can now monitor changes in network group membership by accessing event logs.

ACI now lets you run containers in a trusted execution environment (TEE).

Azure Kubernetes Service (AKS) now supports pod sandboxing in preview in all Azure regions on a subset of Azure VM Sizes that support Nested Virtualization.