BSides Chicago 2025: Operationalizing Identity Risk In Cloud-Native Environments

Highlights from BSides Chicago 2025, where we explored cloud-native identity risks, from service principal abuse to Kubernetes misconfigs and control-plane compromise tactics.

EDITOR’S PICK

From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting

Guillaume Valadon

3 Sep 2025 – 4 min read

all tags

Conferences

BSides Chicago 2025: Operationalizing Identity Risk In Cloud-Native Environments

Highlights from BSides Chicago 2025, where we explored cloud-native identity risks, from service principal abuse to Kubernetes misconfigs and control-plane compromise tactics.

Identity Architecture Now Drives Cyber Risk: Techno Security & Digital Forensics Conference West 2025

Identity, classification, and cloud persistence risks took center stage at Techno Security West 2025. Learn what cybersecurity leaders are prioritizing now.

Dwayne McDaniel

4 Nov 2025 – 6 min read

Non-Human Identity

Working Towards Improved PAM: Widening The Scope And Taking Control

Learn how GitGuardian supports expanding privileged access management to include non-human identities and improve secrets management across your infrastructure and vaults.

Dwayne McDaniel

31 Oct 2025 – 5 min read

Secrets detection

The Hidden Cost of Secrets Sprawl

Manual secrets management costs organizations $172,000+ annually per 10 developers. Discover the hidden productivity drain, security risks, and how automation can recover at least 1.2 FTE worth of capacity.

Soujanya Ain

30 Oct 2025 – 7 min read

Conferences

LASCON XV: From AI Risk To Identity Security In AppSec

From ITDR to MCP, LASCON XV in Austin showed how AppSec must evolve to address identity threats, AI challenges, and the complexity of modern production systems.

Dwayne McDaniel

29 Oct 2025 – 6 min read

Secrets detection

Scanning GitHub Gists for Secrets with Bring Your Own Source

Developers treat GitHub Gists as a "paste everything" service, accidentally exposing secrets like API keys and tokens. BYOS lets you scan and monitor these blind spots.

Anna Nabiullina

27 Oct 2025 – 5 min read

From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting

Artificial Intelligence

Breach explained

Security Research

From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting

We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here's how a single Docker build bug nearly triggered one of the largest AI supply chain attacks to date.

Gaetan Ferry

22 Oct 2025 – 9 min read

Conferences

INCYBER Forum Canada 2025: Collaboration Wins Over Compliance

At INCYBER Forum Canada 2025, leaders from across sectors explored AI, supply-chain risk, and culture-driven defense, stressing that true resilience is built together.

Dwayne McDaniel

21 Oct 2025 – 7 min read

Secrets detection

Building Chromegg: A Chrome Extension for Real-Time Secret Detection

Ever accidentally pasted an API key into a web form? Chromegg is our new Chrome extension that scans form fields in real-time, alerting you BEFORE you submit secrets. Open-source & ready to use!

Andy Rea

20 Oct 2025 – 5 min read

Artificial Intelligence

OAuth for MCP - Emerging Enterprise Patterns for Agent Authorization

Why agents break the old model and require rethinking traditional OAuth patterns.

Thomas Segura

17 Oct 2025 – 14 min read

Conferences

Rethinking Security Resilience And Getting Back To Basics At CornCon 11

CornCon 11 emphasized security basics, real-world risk alignment, and sustainable practices to help teams build resilient programs in today’s complex threat landscape.

Dwayne McDaniel

16 Oct 2025 – 7 min read

Conferences

SREday SF 2025: Human Centered SRE In An AI World

SRE Day SF shows why dashboards alone do not defend anything. Explore paths to better telemetry, progressive delivery, and resilience that customers can feel.

Dwayne McDaniel

13 Oct 2025 – 7 min read

BSides Chicago 2025: Operationalizing Identity Risk In Cloud-Native Environments

Dwayne McDaniel

MOST POPULAR

Red Hat GitLab Data Breach: The Crimson Collective's Attack

Guillaume Valadon

GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices

Dwayne McDaniel

EDITOR’S PICK

From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting

Gaetan Ferry

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

Guillaume Valadon

BSides Chicago 2025: Operationalizing Identity Risk In Cloud-Native Environments

Dwayne McDaniel

Identity Architecture Now Drives Cyber Risk: Techno Security & Digital Forensics Conference West 2025

Dwayne McDaniel

Working Towards Improved PAM: Widening The Scope And Taking Control

Dwayne McDaniel

The Hidden Cost of Secrets Sprawl

Soujanya Ain

LASCON XV: From AI Risk To Identity Security In AppSec

Dwayne McDaniel

Scanning GitHub Gists for Secrets with Bring Your Own Source

Anna Nabiullina

From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting

Gaetan Ferry

INCYBER Forum Canada 2025: Collaboration Wins Over Compliance

Dwayne McDaniel

Building Chromegg: A Chrome Extension for Real-Time Secret Detection

Andy Rea

OAuth for MCP - Emerging Enterprise Patterns for Agent Authorization

Thomas Segura

Rethinking Security Resilience And Getting Back To Basics At CornCon 11

Dwayne McDaniel

SREday SF 2025: Human Centered SRE In An AI World

Dwayne McDaniel

Start your journey to secrets-free source code