惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

H
Hackread – Cybersecurity News, Data Breaches, AI and More
C
Check Point Blog
Hacker News: Ask HN
Hacker News: Ask HN
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
P
Proofpoint News Feed
V
Visual Studio Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
N
Netflix TechBlog - Medium
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 叶小钗
Cisco Talos Blog
Cisco Talos Blog
S
Schneier on Security
T
Threat Research - Cisco Blogs
腾讯CDC
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The Hacker News
The Hacker News
Google DeepMind News
Google DeepMind News
Microsoft Security Blog
Microsoft Security Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
GbyAI
GbyAI
N
News | PayPal Newsroom
L
LINUX DO - 最新话题
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Palo Alto Networks Blog
T
Tenable Blog
S
Secure Thoughts
T
Threatpost
V2EX - 技术
V2EX - 技术
大猫的无限游戏
大猫的无限游戏
Martin Fowler
Martin Fowler
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Vercel News
Vercel News
罗磊的独立博客
P
Privacy & Cybersecurity Law Blog
Engineering at Meta
Engineering at Meta
小众软件
小众软件
Google DeepMind News
Google DeepMind News
N
News and Events Feed by Topic
Y
Y Combinator Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cybersecurity and Infrastructure Security Agency CISA
P
Proofpoint News Feed
L
Lohrmann on Cybersecurity
P
Privacy International News Feed
H
Heimdal Security Blog
量子位
B
Blog

Wiz Blog | RSS feed

Meet Wiz for M365: Bringing SaaS into the Security Graph Bringing Security Visibility to Vercel with Wiz Axios NPM Distribution Compromised in Supply Chain Attack Tracking TeamPCP: Investigating Post-Compromise Attacks Seen in the Wild The Wiz Blue Agent, now Generally Available Beyond the Badge: What Achieving Microsoft’s Certified Software Designation Means for Your Cloud Security Introducing the Green Agent: AI-Powered Remediation for the Cloud Three’s a Crowd: TeamPCP trojanizes LiteLLM in Continuation of Campaign KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack Introducing the Wiz Red Agent- AI-Powered Attacker Introducing Wiz AI Application Protection Platform (AI-APP) Introducing Wiz Agents & Workflows: Security at the Speed of AI AI Runtime Threat Detection: From Input to Real-World Impact Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack It’s Official: Wiz Joins Google Understanding and Reducing AI Risk in Modern Applications Introducing Wiz Tenant Manager: Multi-Tenant Management for Federated Organizations The Agile FedRAMP Playbook, Part 4: Reactive Risk Management through Enriched Incident Response Wiz Achieves CPSTIC Certification in Spain Seeing AI Clearly: Building Visibility Across Modern AI Applications The Agile FedRAMP Playbook, Part 3: Preventative Risk Management by building Secure by Design Wiz Leads the 2026 Latio Application Security Report with awards in 4 categories Building an Agentic Cloud Security Ecosystem: A Reference Architecture with Wiz MCP and Infosys Cyber Next The Agile FedRAMP Playbook, Part 2: Proactive Risk Management with Continuous Monitoring Cloud-native Security for your Windows environment: Announcing the Wiz Runtime Sensor for Windows Would You Click ‘Accept’? Automatically detecting malicious Azure OAuth applications using LLMs Wiz Named a Leader in The Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026 From Detection to Remediation: It’s Time to Rethink AppSec Around Exploitability and Root Cause Fixes The Agile FedRAMP Playbook, Part 1: Why Risk is Your Best Starting Point Introducing AI Cyber Model Arena: A Real-World Benchmark for AI Agents in Cybersecurity Wiz + Spotify Backstage: Security at the Developer’s Desk Building AI Security Together: New Ways to Partner with Wiz for AI Security in 2026 Hacking Moltbook: The AI Social Network Any Human Can Control The Year in Wiz Research: 2025 Most Read Blogs WizExtend is Here: AI and Cloud Security Insights in Your Daily Workflow From Detection to Remediation: Wiz in Your JetBrains IDE Agentic Browser Security: 2025 Year-End Review CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild A 90-Day Action Plan to Turn Resolutions into Results with Wiz Introducing the Wiz Partner Alliance: A New Chapter for Partner Success Preparing for Post-Quantum Cryptography Wiz Recognized as a 2025 Customers’ Choice in the Gartner® Peer Insights™ Voice of the Customer for CNAPP Expanding the Zero Critical Club to set a new standard for AppSec and SecOps teams Snipping the Long Tail of Shai-Hulud 2.0 Protecting Against Zero-Day Vulnerabilities with SOC-Level ASM Alert MongoBleed (CVE-2025-14847) exploited in the wild: everything you need to know The Kenna Transition: Your Strategic Shift to Exposure Management From MCP to Vibe Coding: Full Endpoint Visibility in Wiz AI Security Bringing Oracle Cloud Identity to Wiz Zero‑Days in the Age of AI: Behind the Scenes of ZeroDay.cloud 2025, with a Record High of CVEs in Critical Cloud Infra Gogs 0-Day Exploited in the Wild Code to Cloud Attacks: From Github PAT to Cloud Control Plane Top AWS re:Invent Announcements for Security Teams in 2025 React2Shell: Technical Deep-Dive & In-the-Wild Exploitation of CVE-2025-55182 React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability Wiz Product Announcements at re:Invent 2025: Expanding Visibility from Code to Cloud Introducing Wiz SAST: Where Code Risk Meets Cloud Context Wiz Becomes Fastest Security ISV to Reach $1 Billion in AWS Marketplace Lifetime Sales It's Here! Wiz Exposure Management is Now GA Shai-Hulud 2.0 Aftermath: Trends, Victimology and Impact Service Catalog is Here: Expand Risk Visibility for Your Service and Its Dependencies, Simplify Issue Ownership WizOS: Powering Secured Image Adoption with AI 3 OAuth TTPs Seen This Month — and How to Detect Them with Entra ID Logs Mastering Software Governance with Hosted Technologies Inventory Shai-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposing Secrets Get Certified on Wiz Defend for Threat Detection and Response Blueprint for Security: A Guide to Code, Governance, and Response Frameworks Google Unified Security Recommended Program Names Wiz Among First 3 Strategic Partners Introducing Posture Issues: Transform Security Findings into Actionable Outcomes Empower and Accelerate Your SOC with the Blue Agent Exposure Report: 65% of Leading AI Companies Found with Verified Secret Leaks Wizdom 2025 Product Announcements: Extending the Cloud Operating Model When AI Becomes the Heart of Security: Powering a Future You Can Trust AI-Powered Wiz: From Agents to Everyday Intelligence Defend Agentless Workload Detection: Bringing Visibility to Blind Spots in Threat Detection Securing AI Agents with Wiz AI-SPM Introducing Wiz ASM: Context-Driven Attack Surface Management Securing Critical Infrastructure in the Cloud Era: A Policy and Technology Blueprint How CISOs Should Plan Security Budgets for 2026 Beyond the Checkbox: How Wiz Transforms SOC 2 into a Security Powerhouse Bringing Visibility to Kubernetes: Unified Inventory and Network Insight The Foundation Modern AppSec Is Still Missing: Code to Cloud, Rebuilt the Right Way Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces Introducing HoneyBee: How We Automate Honeypot Deployment for Threat Research RediShell: Critical Remote Code Execution Vulnerability (CVE-2025-49844) in Redis, 10 CVSS score Defending against database ransomware attacks AI Security 101: Mapping the AI Attack Surface Introducing zeroday.cloud: First-of-its-kind cloud and AI hacking competition Unifying Cloud Risk and Network Defense: Wiz and Check Point The emerging use of malware invoking AI Wiz achieves FedRAMP High authorization Wiz + HCP Terraform: Close the IaC-to-Cloud Infrastructure Security Gap IMDS Abused: Hunting Rare Behaviors to Uncover Exploits Beyond CVEs: The Exploitation of Everyday Misconfigurations Wiz Research Discovers One in Five Organizations Exposed to Systemic Risks in Vibe-Coded Applications - Here's How to Secure Them Introducing Wiz Incident Response: Your Expert Partner for Cloud Security Incidents Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware DORA Compliance in the Cloud Era: Insights from Deloitte and Wiz How Wiz Customers like Brex and FICO See AI Changing Security Wiz Recognized as a Leader in the 2025 IDC MarketScape for ASPM
KubeCon + CloudNativeCon North America 2022: Our top 10 sessions to attend
2022-10-21 · via Wiz Blog | RSS feed

KubeCon + CloudNativeCon is one of the must-attend events for cloud-native technologies. You will be able to learn, exchange, and network with peers about Kubernetes but also about containers and new development frameworks. For those who can't attend in person, it is possible to attend the live sessions from the virtual event. This event offers 200+ sessions including technical sessions, deep-dives, case studies, and more. To make sure you get the most out of your time, we've selected sessions delivered by security experts, whether they are customers, software vendors, or maintainers. 

Below is a list of our top 10 sessions.  

Using the EBPF Superpowers To Generate Kubernetes Security Policies 

Format: 35-Minutes Briefings 

Tracks: Security + Identity + Policy 

Kubernetes has several security mechanisms that can be used to secure your applications: - limit network connectivity with network policies - block some system calls with seccomp profiles - restrict access to some Linux capabilities in security contexts Defining those policies is difficult. It usually happens that the team defining them is not the one that created the application, hence they might not have a good enough view of the architecture to know how to write them. We will present and demo different ways to automatically generate the 3 different kind of policies mentioned above by monitoring the application's events with the following eBPF-based tools: - Inspektor Gadget - Kubernetes Security Profiles Operator - oci-seccomp-bpf-hook We'll discuss the limitations of this approach and the future ahead of these tools. Finally, we will explain how applications can be audited to see if the security policies are respected. 

More info about the session > 

Kubernetes to Cloud Attack Vectors: Demos Inside 

Format: 35-Minutes Briefings 

Tracks: Security + Identity + Policy 

Cloud service providers are constantly enhancing and releasing new capabilities to provide the best managed Kubernetes experience, intertwining cloud-specific capabilities within, to ease integrations and reduce friction. This talk is about the fine line between your managed Kubernetes cluster and its underlying Cloud environment, and how intertwining cloud-specific capabilities within the managed Kubernetes services introduces potential attack vectors and lateral movement paths – from Kubernetes outwards, or from the cloud inwards. This talk is demo-driven, we'll demonstrates several scenarios where an attacker can gain a foothold in a Kubernetes cluster and move laterally in order to compromise other cloud resources outside the cluster, or alternatively, gaining access to a cloud resource with the intent of compromising resources within a cluster. This talk also covers some of the best practices for configurations and standards to adopt in EKS, AKS and GKE to secure them from cluster-to-cloud or cloud-to-cluster attacks. 

More info about the session > 

Migrating From PodSecurityPolicy 

Format: 35-Minutes Briefings 

Tracks: Security + Identity + Policy 

Pod Security Policy (PSP) has been completely removed in Kubernetes v1.25, making it essential for users to migrate their clusters before upgrading to v1.25. The good news is that the Pod Security admission controller, designed as a simpler successor to PSP, just graduated to stable. The bad news is that the migration is not always straightforward. In this talk, you will see the quick-and-dirty migration path, and then dive deep into the nuances and challenges of migrating off PSP. We will also explore a couple of alternatives to the Pod Security admission controller, and when and why you might choose those alternatives instead. The goal of this talk is to empower you to confidently and safely begin upgrading your clusters, and bid farewell to PSP. 

More info about the session > 

How the Argo Project Transitioned From Security Aware To Security First 

Format: 35-Minutes Briefings 

Tracks: Security + Identity + Policy 

When the Argo project applied for graduation, we believed we had a good handle on security. After all, we hadn't had any CVEs in a while, and we had 100s of companies using it in production. So everything must be great, right? This is the story of an incubating CNCF project learning: what we didn't know and how we dove headfirst into a mission to put security first. Attendees will learn about the project processes we put in place for reported vulnerabilities, how to work with external security companies, and the help we received from the CNCF. We’ll also dig into the engineering best practices we implemented as well as take a look at some concrete implementations around SBOMs and Fuzzing. The information in this talk will be especially beneficial to anyone from incubating or sandbox projects that are setting out to improve their security posture, but the learnings, stories and recommendations presented will be equally applicable to any software project or product. 

More info about the session > 

Cilium Updates, News And Roadmap 

Format: 35-Minutes Briefings 

Tracks: Maintainer Track 

Welcome to Cilium! In this session you'll get an update on how the Cilium project has been progressing on the road towards graduation. You'll hear about the latest developments and future roadmap, including news about some of the largest and most interesting deployments of Cilium. And don't miss this session if you're interested in contributing to the project, as there will be guides on how to get involved and where your help is needed. 

More info about the session > 

Lightning Talk: A Puzzling Solution. How To Be Better At Accepting Others Experiences. 

Format: 5-Minutes lightning Talk 

Tracks: Maintainer Track 

As we gain experience and expertise in an area of study we often find ourselves struggling to meet our colleagues where they are. In this session I am going to share an experience I've had that I think can help you bring a little objectivity to the problem. We can all do better at listening and raising others up. I've spent years at this and I still make mistakes all the time. If you are interested in seeing someone solve a rubiks cube live on stage come on over and join me for this lightning talk! 

More info about the session > 

The New Stack Pancake Breakfast - "Devs and ops people – it’s time for some Kubernetes couples therapy" 

Format: 60-Minutes Panel 

Tracks: Experiences 

Join us for a dive deep into how Kubernetes shapes the dynamic between dev and ops teams with people who’ve been there. Questions we will explore: 

·       Have you resolved the eternal tension between experimentation and control? 

·       Are you true partners with the same goals and priorities? 

·       Do you agree on the need for security and trust, or fight over complexity and cost? 

·       Do you really talk, or just swap trouble tickets? 

Way back in May at KubeCon EU we hosted a packed panel about the ops experiences with Kubernetes ‘after the honeymoon'. But what about the developer experience? It’s not just about ops teams. Devs need some love, too. 

They say a problem shared is a problem halved. Let’s avoid a food fight and talk it through at the breakfast table over a short stack with The New Stack, sponsored by Spectro Cloud. 

More info about the session > 

Zero Trust Supply Chains with Project Sigstore and SPIFFE 

Format: 35-Minutes Briefs 

Tracks: Maintainers 

In order to ensure the trustworthiness of your software supply chain, maintainers must restate a number of assumptions. As opposed to inherently trusting build systems to serve accurate package metadata, we propose verification of every claim in the chain against the actors and tasks involved in the process. The combination of cryptographically verifiable identities with the use of transparency logs provides a novel approach to accomplish so and increase the security guarantees of your release artifacts. 

 Project Sigstore provides a toolkit to allow organizations to publish verifiable provenance about publicly distributed artifacts. This metadata is in turn stored on the Sigstore Binary Transparency Log (Rekor), signed and verified by use of Keyless Signatures (Cosign) and the Sigstore Certificate Authority (Fulcio), and stored in an OCI registry where it can be verified, discovered, and used in policy engines. Backed by SPIFFE’s reference implementation SPIRE, all cryptographic operations are rooted in a strongly attested universal identity control plane for distributed systems. 

 This presentation will demonstrate how a zero trust supply chain architecture can be applied to build systems, through the use of Sigstore and SPIRE for a Federated, Verifiable, Zero-Trust Supply Chain. Additionally, TektonCD will be used as the example build system and in-toto as the example provenance format. 

More info about the session > 

From Security Testing To Deployment In a Single PR - Sarah Khalife, GitHub & Grant Griffiths, Pure Storage 

Format: 35-Minutes Briefs 

Tracks: CI/CD 

Automating cloud native app development and incorporating security through a transparent and consistent process is key in building any production level applications. On a daily basis, think about how often you build your application and scan for vulnerabilities in the code. This is mostly an afterthought and not always considered as the easy part of developing any applications. However, the recent vulnerability exploits reinforced the need for a secure development lifecycle. Simplifying and automating the process all in a single pull request makes it much easier for any cloud app developer to add security! This talk will cover how to leverage available open source tooling to build and test a cloud native application, run security scans across it, and package it for shipping. For automation, we will have a step-by-step demonstration on how to set it up all within a PR to provide consistency and push the containerized application to a Kubernetes environment. 

More info about the session > 

Thriving With Kubernetes On-Call: Best Practices & Lessons Learned - Sunil Shah & Ramya Krishnan, Airbnb; Ashley Cutalo, Lyft; Madhu C.S., Robinhood; Fabio Kung, Netflix 

Format: 35-Minutes Briefs 

Tracks: Reliability + Operational Continuity 

Kubernetes clusters are critical infrastructure at large, public companies, with large amounts of traffic, complex dependencies on 3rd party services, and constant change as developers release features and traffic scales up and down. In this panel discussion, engineers from Airbnb, Lyft, Netflix and Robinhood share their challenges, experiences and learnings when it comes to managing a sustainable on-call rotation that meets the needs of their internal users whilst maintaining a high uptime to serve business critical workloads. Topics covered will include: +Keeping on-call engineers happy + Balancing rapid response with alert fatigue + Strategies to proactively deal with production issues + Preparing engineers for on-call 

More info about the session >