Information Security profile picture

AWS Certificate Manager now supports exporting public certificates

AWS Certificate Manager (ACM) simplifies the provisioning, management, and deployment of public and private TLS certificates for AWS services and your on-premises and hybrid applications. To further enhance the flexibility of ACM for diverse workloads, we’re introducing a powerful new capability: ACM exportable public certificates. You can use this capability to export public TLS certificates and […]
https://aws.amazon.com/blogs/s....ecurity/aws-certific


Discover the world at Altruu, The Discovery Engine

Senator Chides FBI for Weak Advice on Mobile Security

Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, one of the Senate's most tech-savvy lawmakers says the feds aren't doing enough to recommend more appropriate security protections that are already built into most consumer mobile devices.
https://krebsonsecurity.com/20....25/06/senator-chides


The Future of DevSecOps is Deterministic

Originally published by Gomboc.

Written by John Kamenik, Principal DevSecOps Engineer, Gomboc.

For years, DevSecOps has aimed to integrate security seamlessly into every phase of the software development lifecycle. Despite major advancements in tooling and cultural practices, one persistent challenge remains: most security workflows still rely on manual intervention, inconsistent remediations, and reactive triage. As cloud complexity grows, traditional approaches to se...
https://cloudsecurityalliance.....org/articles/the-fut



Introducing the OWASP NHI Top 10: Standardizing Non-Human Identity Security

Originally published by Astrix.

Written by Tal Skverer.

The non-human identity market has significantly matured in the past couple of years. While NHIs like service accounts, API keys, and OAuth apps are not new, the realization that managing and securing them has to be a priority is somewhat recent. 

With that, many security teams lack a clear, standardized view of the risks these identities pose, and how to go about including them in security programs....
https://cloudsecurityalliance.....org/articles/introdu

