
Jason Chavarría
Among the exposed data were secrets, code and AI training data
We describe the leak and mention its causes and threats, talk about the possible security risks when using Azure SAS tokens and give advice to prevent leaks.

Andres Roldan
An OffSec Exploitation Expert review
In this post, we review the EXP-401 course and OSEE certification offered by OffSec.

Felipe Ruiz
Towards an approach that engages more than SCA and SBOM
Understand what a comprehensive software supply chain security approach should aim at and why it is crucial to implement it during your company's SDLCs.

Felipe Ruiz
A brief overview of this recent EU draft regulation
Learn about the draft Cyber Resilience Act, including its purposes, obligations and penalties, before its final version comes.

Jason Chavarría
Increase the board's cyber savvy with these reads
Boards need to gain skills to identify, assess and supervise their organizations' cyber risk-management measures. We share resources to help them on their way.

Felipe Ruiz
Soon it will be a must in cybersecurity due to NIS2
We briefly introduce the NIS 2 Directive and pay special attention to its cybersecurity training requirement for organizations' boards of directors.

Jason Chavarría
Toyota's ancient and recently disclosed data leaks
We describe the data leaks recently disclosed by Toyota Motor Corporation lasting five, eight and ten years.

Andres Roldan
A hacker's view of the performance of Researcher CNAs
We've been a CNA for a while, and this is an analysis of our performance.

Andres Roldan
An OffSec Experienced Pentester review
In this post, we review the PEN-300 course and OSEP certification offered by OffSec.