Today, 9 May 2026 · Main stream
  • ✇Cybersecurity News
  • Trust Hijacked: Official JDownloader Website Breached to Distribute Malicious Installers Ddos
    The post Trust Hijacked: Official JDownloader Website Breached to Distribute Malicious Installers appeared first on Daily CyberSecurity. Related posts: The Cryptography Trojan: Malicious Go Module Impersonates Foundational Library to Steal Passwords and Deploy Root Backdoors Malicious Packagist Themes Target Vietnamese OphimCMS Sites with Trojanized JS Backdoored React Native Packages Target Developers with Crypto-Stealing Malware
     
  • ✇Cybersecurity News
  • Exploited in the Wild: “Dirty Frag” Linux Vulnerability Grants Instant Root Access Ddos
    The post Exploited in the Wild: “Dirty Frag” Linux Vulnerability Grants Instant Root Access appeared first on Daily CyberSecurity. Related posts: Embargo Broken: Public PoC Released for “Dirty Frag” Linux Kernel Exploit Granting Instant Root Access Breaking the Shield: ‘CrackArmor’ Flaws Expose 12.6 Million Linux Servers to Full Root Takeover Root of the Problem: Sudo Flaw Exposes Linux Systems to Local Privilege Escalation
     
  • ✇cybersecurity
  • Those who are in Detection engineering /u/Present-Guarantee695
     

Those who are in Detection engineering

9 May 2026, 07:09

I work in detection engineering. Wanted to see, for others who are working in the same role: do y'all ever use Python in your role? How important do y'all find it in relation to detection engineering?

I mean, making HTTP requests and parsing responses can all be done using codeless tools like Logic Apps etc., and query languages are quite simple as well.

I recently had an interview which I think I won't clear because I didn't ever use Python in my work. Not that I never needed to? I could do all of my SOARs using just Logic Apps / SOAR platforms / PS scripts / bash scripts. But it seems like not knowing how to write Python is a big deal? I can even read Python code but not write it, I mean, not that I have never needed to in any use case.

It seemed quite shallow to judge someone just based on programming skills for a detection engineer interview.

submitted by /u/Present-Guarantee695
  • ✇cybersecurity
  • NIS2 Article 21: turning compliance controls into technical security evidence /u/Unhappy-Wrongdoer817
     

NIS2 Article 21: turning compliance controls into technical security evidence

9 May 2026, 02:56

Hi everyone,

Disclosure: I own the project linked below. I’m sharing it because I’m working on the technical side of NIS2 evidence collection, not to pitch services or solicit DMs.

Project context:
https://www.softwareapp-hb.de/projekte.html

The security engineering problem I’m looking at is this:

NIS2 Article 21 requires organizations to address areas like risk management, incident handling, business continuity, supply-chain security, vulnerability handling, access control, asset management, MFA, secure communications, and cyber hygiene. In practice, a lot of “evidence” for these areas still ends up as screenshots, policy PDFs, manual exports, spreadsheets, or consultant-maintained checklists.

That may satisfy some audit workflows, but from a security operations perspective it has obvious weaknesses: evidence goes stale, checks are difficult to reproduce, and there is often a gap between what the policy says and what the infrastructure actually looks like.

I’m building an open-source, self-hostable platform that tries to map NIS2 requirements to concrete technical checks and produce traceable evidence from actual system state. The current design focus is not to replace GRC platforms, legal review, auditors, or an ISMS. The goal is narrower: make certain parts of the evidence layer more repeatable, technical, and defensible.

Examples of evidence areas where this might be useful:

  • asset inventory and system classification
  • patch/vulnerability state
  • account and privilege configuration
  • MFA and authentication posture
  • backup existence and test evidence
  • logging and monitoring configuration
  • firewall and network exposure checks
  • incident-response process evidence
  • technical control mappings to NIS2 Article 21

The hard question is where automation helps and where it becomes misleading.

For example, a system can verify that logging is enabled, but not necessarily that logs are reviewed effectively. A tool can collect patch state, but not decide whether risk acceptance was appropriate. It can validate backup configuration, but not prove that recovery objectives are realistic unless restore tests are captured properly.

For people working in security engineering, SOC, vulnerability management, infrastructure, audit support, or compliance operations:

Where do you think technical automation genuinely improves NIS2 evidence quality?

And where do you think compliance automation creates false confidence?

I’m especially interested in the boundary between measurable technical state and areas that still require human assessment, process maturity, or auditor judgment.

submitted by /u/Unhappy-Wrongdoer817
  • ✇cybersecurity
  • UK Advice Needed - VA+ Training? /u/Izual_Rebirth
     

UK Advice Needed - VA+ Training?

9 May 2026, 08:40

I’m relatively new to cyber security. Our head of security is leaving soon and I’ve been asked to step up. Mostly in regard to performing CE and CE+.

Initially I was tasked to take the CSTM but after the exam last week I’m worried it’s a step too far at this point. Haven’t had the results yet but I struggled.

I’m considering doing the VA+ in the first instance at least so we can keep doing CE+ when my colleague leaves.

Thing is... I can find hardly any resources on how to prepare for it and there don’t seem to be any official courses I can go on.

Can someone who achieved VA+ let me know how they prepared? Maybe there are some courses (in person preferred) but I’m struggling to find anything.

Hope you can help point me in the right direction.

submitted by /u/Izual_Rebirth
  • ✇cybersecurity
  • Second security incident at Instructure (Canvas) /u/Own_Raspberry_3254
     

Second security incident at Instructure (Canvas)

9 May 2026, 09:56

Looks like ShinyHunters wasn't done after all... they've apparently defaced several university/college login websites on May 7 to put pressure on Instructure. They may have succeeded, though, since Instructure is no longer listed on their leak site as of May 8. The current timeline is:

  1. April 29 - first incident involving data exfiltration
  2. May 5 - they posted the list of impacted universities/colleges/districts
  3. May 7 - second defacement incident
  4. May 8 - Instructure removed from their leak site

It'd be interesting to know whether Instructure paid, and if they did, how much.

submitted by /u/Own_Raspberry_3254
  • ✇cybersecurity
  • Gateweb - Secure Web Gateway /u/CompetitiveTry550
    We built gateweb.io - a local SWG with HTTPS inspection that doesn't send your traffic through someone else's cloud. Free for up to 5 users. Curious what the security community thinks about the local-first approach. submitted by /u/CompetitiveTry550
     
  • ✇cybersecurity
  • MSPs, how are you handling AI usage across your customer environments today? /u/Significant-Let6485
     

MSPs, how are you handling AI usage across your customer environments today?

9 May 2026, 07:00

Are you able to:

• Detect Shadow AI tools being used by employees?

• Monitor what AI platforms are accessing sensitive data?

• Identify AI policy violations before they become risks?

• Offer AI governance as a managed service?

With AI adoption accelerating, it feels like most MSPs still don’t have clear visibility or control over AI activity inside customer environments.

Curious to know:

Is this already becoming a concern for your clients? And are there any tools today that actually solve this well?

submitted by /u/Significant-Let6485
  • ✇cybersecurity
  • ecpptv3 Exam in 3–4 Days — /u/Espresoo
     

ecpptv3 Exam in 3–4 Days —

9 May 2026, 06:09

Hey everyone,

I’m planning to take the eCPPT exam in the next 3–4 days and wanted to get some advice from people who’ve already cleared it.

What should I focus on the most during these last few days of preparation? Any common mistakes to avoid or things you wish you knew before attempting the exam?

Also, if you know any Hack The Box or TryHackMe machines/labs that are similar to the exam style, I’d really appreciate the recommendations.

Thanks in advance!

submitted by /u/Espresoo