%term

CVE-2025-3248: Serious vulnerability found in popular Python AI package

Jun 17, 2025 By Nigel Douglas In Cloudsmith

Researchers at Trend Micro have uncovered a critical unauthenticated remote code execution (RCE) vulnerability affecting Langflow versions prior to 1.3.0. Langflow is a Python-based visual framework for building AI applications and boasts over 70,000 stars on GitHub and over 21,000 global weekly downloads from the public PyPI upstream. Source: Cloudsmith Navigator Versions released before 1.3.0 contain a serious flaw in the code validation logic, which allows arbitrary code execution.

Read Post

Cloudsmith

Read more about CVE-2025-3248: Serious vulnerability found in popular Python AI package

OWASP CI/CD Part 7: Insecure System Configuration

Jun 16, 2025 By Nigel Douglas In Cloudsmith

Insecure system configuration is a textbook example of how neglected settings can create an entry point for attackers targeting your CI/CD pipelines. It’s rarely the cutting-edge zero-day that causes a breach. More often, it’s the unpatched service, the overly permissive role, or the default password that was never changed. While this risk overlaps with CI/CD credential hygiene (covered in Part 6 of our OWASP CI/CD series), the focus here is much broader.

Read Post

Cloudsmith

Read more about OWASP CI/CD Part 7: Insecure System Configuration

DevEx Unpacked 005 - Secure DevOps, Rego Policies & Growing Cloudsmith with Ciara Carey

Jun 16, 2025 By Cloudsmith In Cloudsmith

Episode 005: In this episode of DevEx Unpacked, Alan Carson chats with Ciara Carey, Solutions Engineer at Cloudsmith, about her career journey from developer to DevRel to her current customer-facing role. Ciara shares real-world insights on software supply chain security, how teams are using Enterprise Policy Management (EPM) to control open source risk, and why Cloudsmith’s cloud-native platform is a game changer for DevSecOps workflows.

View Video

Cloudsmith

CI CD
DevOps

Read more about DevEx Unpacked 005 - Secure DevOps, Rego Policies & Growing Cloudsmith with Ciara Carey

DevEx Unpacked 004 - Scaling Startups, Blockchain & Developer Culture with Jack Spargo

Jun 13, 2025 By Cloudsmith In Cloudsmith

Episode 004: In this episode of DevEx Unpacked, Alan Carson chats with Jack Spargo, CTO of Control Alt, about his fascinating career journey from aerospace engineering to leading blockchain-powered investment platforms. Jack shares lessons from being acquired overnight, the challenges of building a platform from scratch, and why he’s betting big on junior engineers and AI augmentation. They explore the realities of compliance, software supply chain security, and why Northern Ireland is fast becoming a serious start-up hub.

View Video

Cloudsmith

CI CD
DevOps

Read more about DevEx Unpacked 004 - Scaling Startups, Blockchain & Developer Culture with Jack Spargo

DevEx Unpacked 003 - Scaling Cloudsmith, Security Innovation & Developer DNA with Tom Gibson

Jun 12, 2025 By Cloudsmith In Cloudsmith

Episode 003: In this episode of DevEx Unpacked, Alan Carson sits down with Tom Gibson, Principal Engineer and long-time Cloudsmith team member, to trace his journey from early start-up to leading strategic innovation in the CTO’s office. Tom shares behind-the-scenes stories about engineering through scale, building continuous security scanning, and what it takes to evolve a developer-first platform.

View Video

Cloudsmith

CI CD
DevOps

Read more about DevEx Unpacked 003 - Scaling Cloudsmith, Security Innovation & Developer DNA with Tom Gibson

DevEx Unpacked 002 - DevRel, Donuts & Distributed Systems with Dan McKinney

Jun 11, 2025 By Cloudsmith In Cloudsmith

Episode 002: In this episode of DevEx Unpacked, Alan Carson sits down with Dan McKinney, one of Cloudsmith’s earliest team members and now Head of Solutions Engineering. Dan reflects on his unique journey from writing docs and filming DevRel videos to leading high-stakes enterprise sales. Discover how Cloudsmith scaled from a two-person start-up to a platform trusted by global enterprises, why software supply chain security is more urgent than ever, and what features make developers and security teams lean in.

View Video

Cloudsmith

CI CD
DevOps

Read more about DevEx Unpacked 002 - DevRel, Donuts & Distributed Systems with Dan McKinney

OWASP CI/CD Part 6: Insufficient Credential Hygiene

Jun 10, 2025 By Nigel Douglas In Cloudsmith

This post, part six of our OWASP CI/CD Top 10 series, looks at some of the common risks associated with Insufficient Credential Hygiene. By better understanding the flaws that affect credential hygiene, we can better understand how even the most sophisticated pipelines were compromised.

Read Post

Cloudsmith

Read more about OWASP CI/CD Part 6: Insufficient Credential Hygiene

DevEx Unpacked 001 - Scaling Secure Software with Alison Sickelka

Jun 10, 2025 By Cloudsmith In Cloudsmith

Episode 001: In this inaugural episode of DevEx Unpacked, host Alan Carson sits down with Alison Sickelka, VP of Product at Cloudsmith, for a deep dive into the evolution of software supply chain security. Alison shares her journey from journalism to product leadership, the unique talent landscape in Belfast, and how Cloudsmith is pioneering secure artifact management. Learn how Cloudsmith's Enterprise Policy Management is shaping compliance strategies, why SBOMs are crucial, and where AI fits in a secure DevOps future.

View Video

Cloudsmith

Read more about DevEx Unpacked 001 - Scaling Secure Software with Alison Sickelka

Docker Hardened Images & Cloudsmith: Modern Security for the Software Supply Chain

Jun 6, 2025 By Maia Livingstone In Cloudsmith

Explore how Docker and Cloudsmith help secure the software supply chain with SBOMs, signatures, provenance, and hardened images - enabling end-to-end visibility and trust without slowing development.

Read Post

Cloudsmith

Read more about Docker Hardened Images & Cloudsmith: Modern Security for the Software Supply Chain

Secure Docker Image Pulls from Cloudsmith to Kubernetes using OIDC

Jun 6, 2025 By Ian Duffy In Cloudsmith

Pulling Docker images from private registries for containerised applications presents a security challenge. It requires authentication management, network access, and trust across distributed systems. Credentials must be securely handled and rotated, and image pulls can break due to network restrictions or expired tokens. All of this makes deployment and security harder.

Read Post

Cloudsmith

Read more about Secure Docker Image Pulls from Cloudsmith to Kubernetes using OIDC

Operations | Monitoring | ITSM | DevOps | Cloud

CVE-2025-3248: Serious vulnerability found in popular Python AI package

OWASP CI/CD Part 7: Insecure System Configuration

DevEx Unpacked 005 - Secure DevOps, Rego Policies & Growing Cloudsmith with Ciara Carey

DevEx Unpacked 004 - Scaling Startups, Blockchain & Developer Culture with Jack Spargo

DevEx Unpacked 003 - Scaling Cloudsmith, Security Innovation & Developer DNA with Tom Gibson

DevEx Unpacked 002 - DevRel, Donuts & Distributed Systems with Dan McKinney

OWASP CI/CD Part 6: Insufficient Credential Hygiene

DevEx Unpacked 001 - Scaling Secure Software with Alison Sickelka

Docker Hardened Images & Cloudsmith: Modern Security for the Software Supply Chain

Secure Docker Image Pulls from Cloudsmith to Kubernetes using OIDC

Monthly Archive

Follow Us