The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Secure Docker Image Pulls from Cloudsmith to Kubernetes using OIDC

Pulling Docker images from private registries for containerised applications presents a security challenge. It requires authentication management, network access, and trust across distributed systems. Credentials must be securely handled and rotated, and image pulls can break due to network restrictions or expired tokens. All of this makes deployment and security harder.

OWASP CI/CD Part 5 - Insufficient PBAC

One of the more overlooked yet critical vulnerabilities highlighted in the OWASP Top 10 for CI/CD Security Risks is Insufficient PBAC (Pipeline-Based Access Controls). Let’s unpack what PBAC is, why it's essential, and how you can leverage modern access control tools like Open Policy Agent (OPA) and Rego to mitigate these risks effectively.
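A pipeline-based access control expressed as an OPA policy, added here as an illustration and not taken from the OWASP project or the article above. The idea is that a job is authorised by the identity of the pipeline that runs it (repository, branch, workflow file, as asserted by the CI platform's own identity token) rather than by a shared long-lived credential. The repository name, branch layout, secret names and the shape of `input` are assumptions chosen for the example.

```rego
package cicd.pbac

import rego.v1

# Constructed sample scopes: which secrets and deployment targets each
# pipeline identity may use. Protected branches get production scope;
# every other branch ("*") is limited to read-only and preview scope.
allowed_scopes := {
	"org/payments-api": {
		"main": {
			"secrets": {"PROD_DB_PASSWORD", "PROD_DEPLOY_KEY"},
			"environments": {"staging", "production"},
		},
		"*": {
			"secrets": {"NPM_READ_TOKEN"},
			"environments": {"preview"},
		},
	},
}

default allow := false

# A job may read a secret only if that secret is in its pipeline's scope.
allow if {
	input.request.kind == "secret"
	s := scope_for(input.pipeline)
	input.request.name in s.secrets
}

# A job may deploy only to environments its pipeline identity is scoped to.
allow if {
	input.request.kind == "deploy"
	s := scope_for(input.pipeline)
	input.request.environment in s.environments
}

# Branch-specific scope takes precedence; otherwise fall back to the
# wildcard entry. Unknown repositories resolve to nothing, so allow stays false.
scope_for(p) := s if {
	s := allowed_scopes[p.repository][p.branch]
} else := s if {
	s := allowed_scopes[p.repository]["*"]
}

# Explicit deny reasons so the pipeline log says why a step was refused.
deny contains msg if {
	not allow
	msg := sprintf(
		"pipeline %s@%s (%s) is not permitted: %v",
		[input.pipeline.repository, input.pipeline.branch, input.pipeline.workflow, input.request],
	)
}

# Example input (constructed), as the CI platform would supply it from its
# OIDC token claims rather than from values the job itself can set:
#
# {
#   "pipeline": {"repository": "org/payments-api", "branch": "feature/x",
#                "workflow": ".github/workflows/ci.yml"},
#   "request":  {"kind": "secret", "name": "PROD_DB_PASSWORD"}
# }
#
# -> allow is false; deny contains one message, because a feature branch
#    only falls under the "*" scope and cannot read production secrets.
```

With the policy saved as `pbac.rego` and the input as `input.json`, `opa eval -i input.json -d pbac.rego 'data.cicd.pbac.allow'` evaluates the decision; wiring it into the pipeline means the secret-fetching or deployment step calls the policy with the platform-asserted identity and refuses to proceed unless `allow` is true. The security-relevant point is that the pipeline identity must come from the CI system, not from environment variables a compromised job could overwrite.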

Flexible, Evidence-Driven Compliance: Meet Kosli's Custom Attestations

At Kosli, we believe that governance in software delivery shouldn’t be a bottleneck – it should be an extension of how your teams already work. That’s why we’re excited to introduce custom attestations in Kosli. Here’s the short version: What are custom attestations? They let you record facts about your workflows – with evidence – using controls that actually match your processes. Why does this matter? Because generic attestations can miss the mark.

Multiple Malicious Packages Discovered on PyPI, npm, and RubyGems

Evidence of broad and sustained attacks using several npm, Python, and Ruby packages continues to emerge. A series of malicious packages have been added to the npm, PyPI, and RubyGems package repositories. The attacks have been ongoing for some time, with some seeded years ago. Their aims are manifold, including stealing funds from crypto wallets, deleting codebases, and obtaining Telegram messaging data.

Reliable Dedicated Servers as the Foundation of Scalable DevOps Architecture

Imagine launching a product update at peak traffic time. Your development team pushes the changes, expecting everything to run smoothly. But instead of seamless deployment, the infrastructure buckles: delays spike, user complaints pour in, and error logs flood your screen. Sound familiar? In the world of DevOps, where agility and uptime are non-negotiable, the strength of your backend setup determines how fast, and how safely, you can move. At the heart of this digital engine lies a crucial but often underestimated component: the server. More specifically, reliable dedicated servers.

Community Vigilance, Enterprise Response: Addressing CVE-2024-21626 in Rancher

In backend engineering, many days follow a familiar rhythm: coffee, code reviews, maybe deploying a new feature. But occasionally, the routine is interrupted by a message that signals a different kind of challenge, like a Slack notification from the security team: “Hey, we’ve identified a potential issue. Need to sync up.” This post details one such instance—our journey addressing CVE-2024-21626, a privilege escalation vulnerability reported in Rancher.

SentinelOne Outage: Why Early Detection and Independent Monitoring Matter

When SentinelOne, a leader in cybersecurity and endpoint protection, experienced a major outage last week, thousands of organizations were suddenly left in the dark. With SentinelOne down for hours, IT and security teams scrambled for information and updates. But there was a critical missing piece: SentinelOne has no public status page. This gap left customers frustrated, searching for answers on social media, Reddit, and unofficial channels.