Alan reflects on a turbulent year in DevSecOps, highlighting the rise of AI-driven security, the maturing of hybrid work culture, the growing influence of platform engineering, and the incredible strength of the DevSecOps community — while calling out the talent crunch, tool sprawl and security theater the industry must still overcome.

The post What I’m Thankful for in DevSecOps This Year: Living Through Interesting Times appeared first on Security Boulevard.

A new iteration of the Shai-Hulud malware that ran through npm repositories in September is faster, more dangerous, and more destructive, creating huge numbers of malicious repositories, compromised scripts, and GitHub users attacked, creating one of the most significant supply chain attacks this year.

The post The Latest Shai-Hulud Malware is Faster and More Dangerous appeared first on Security Boulevard.

Welcome back, my aspiring cyberwarriors!

Smart homes are increasingly becoming common in our digital world! These smart home devices have become of the key targets of malicious hackers. This is largely due to their very weak security. In 2025, attacks on connected devices rose 400 percent, with average breach costs hitting $5.4 million

In this three-day class, we will explore and analyze the various security weaknesses of these smart home devices and protocols.

Course Outline

1. Introduction and Overview of Smart Home Devices
2. Weak Authentication on Smart Home Devices
3. RFID and the Smart Home Security
4. Bluetooth and Bluetooth LE vulnerabilities in the home
5. Wi-Fi vulnerabilities and how they can be leveraged to takeover all the devices in the home
6. LoRa vulnerabilities
7. IP Camera vulnerabilities
8. Zigbee vulnerabilities
9. Jamming Wireless Technologies in the Smart Home
10. How attackers can pivot from an IoT devices in the home to takeover your phone or computer
11. How to Secure Your Smart Home

This course is part of our Subscriber Pro training package

The SEC dismissed the remain charges in the lawsuit filed in 2023 against software maker SolarWinds and CISO Timothy Brown in the wake of the massive Sunburst supply chain attack, in which a Russian nation-state group installed a malicious update into SolarWInds software that then compromised the systems of some customers.

The post SEC Dismisses Remains of Lawsuit Against SolarWinds and Its CISO appeared first on Security Boulevard.

Securing the Browser’s Blind Spot By Victoria Hargrove, CDM Reporter What CSide Does Most security stacks fortify servers, databases, and internal apps. CSide (Client-side Development, Inc. aka c/side) targets the...

The post Innovator Spotlight: CSide appeared first on Cyber Defense Magazine.