This week's articles
The Clean Source Principle and the Future of Identity Security
The Clean Source Principle gives us a simple but powerful lens: security dependencies must be as trustworthy as the objects they secure. When that rule is violated, attack paths emerge. An exploration of GitHub, Entra, and Active Directory shows how easily these violations occur, and how they compound across platforms.
#attack
#defend
#supply-chain
Wiz Finds Critical Redis RCE Vulnerability: CVE-2025-49844
This article details a critical Redis vulnerability (CVE-2025-49844) discovered by Wiz Research that allows attackers to escape the Lua sandbox and execute arbitrary code on hosts. The 13-year-old bug affects all Redis versions and has a CVSS score of 10.0.
#attack
Terraform Actions: Deep-Dive
With Terraform actions you can now perform operations outside of Terraform's normal CRUD (Create-Read-Update-Delete) workflow, enabling interactions with your resources that you would otherwise handle with other tools, e.g. Ansible.
#terraform
#iac
#explain
Cosign v3 is now available
This article announces Cosign v3, which makes new capabilities like offline verification, key rotation, and transparency log sharding on by default, with plans for Cosign v4 to remove old functionality entirely.
#announcement
#supply-chain
Auditing user activity in pods and nodes with the Security-Profiles-Operator
This article introduces Security-Profiles-Operator's new audit logging feature, which addresses a security gap by recording user activities inside containers and on host nodes during kubectl debugging sessions, providing detailed JSON logs for compliance and incident investigation.
#kubernetes
#monitor