Gixy-Next is an open-source tool that scans NGINX configuration files for security misconfigurations and performance issues. It improves on the original Gixy by adding support for modern systems and enhancing detection capabilities. Users can run it locally or in a browser.

Cloudflare experienced significant network failures in November and December 2025, prompting them to launch a "Code Orange: Fail Small" initiative. This plan focuses on improving the resilience of their network by implementing controlled rollouts for configuration changes, enhancing failure handling, and streamlining emergency response processes.

This article details the author's development of a Sysmon configuration designed to track Remote Monitoring and Management (RMM) tools using the LOLRMM framework. It outlines the process of testing various installers, sandboxing them, and refining filters to improve detection capabilities. The configuration is a work in progress, with sections already completed and others pending review.

Infisical is an open-source tool for managing secrets and application configurations. It allows teams to sync secrets across various platforms, maintain version control, and prevent leaks. The platform also supports features like secret rotation, dynamic secrets, and integration with Kubernetes.

Mailgoose is a tool for verifying SPF, DMARC, and DKIM settings to help prevent email spoofing. Developed by CERT PL, it supports Polish institutions in configuring their domains correctly. The app relies on libraries like checkdmarc and dkimpy.

This article explains how to set up the AWS WAF Anti-DDoS managed rule group to effectively protect web applications from Layer 7 DDoS attacks. It covers the balance between mitigating attacks and ensuring a smooth experience for legitimate users, detailing configurations for different client types and request scenarios.

The article discusses the importance of environment variables in software development, highlighting how they help manage configuration settings outside of the codebase. This practice enhances security and flexibility, allowing developers to easily switch between different environments such as development, testing, and production without changing the code. It also emphasizes best practices for using and managing environment variables effectively.

AWS has launched a simplified console experience for AWS WAF, reducing web application security configuration steps by up to 80% and providing expert-level protection. This new feature allows security teams to implement comprehensive protection quickly through pre-configured packs tailored to specific application types, enhancing security monitoring and response capabilities.

Varlock enhances the management of environment variables by allowing the addition of a declarative schema to .env files through the use of the @env-spec decorator comments. It offers features such as validation, coercion, type safety, and protection for sensitive configurations, along with flexible multi-environment handling. Users can easily install and validate their .env.schema, ensuring their environment variables are secure and well-organized.

Talos Linux is a specialized operating system for Kubernetes that prioritizes security and lifecycle management, eliminating traditional user interactions like shell access. The article outlines the installation process using kexec and discusses options for configuration management with tools like talosctl and Talm, enabling users to set up Talos Linux on various infrastructures.

Novops is a versatile open-source tool designed for secure secret and configuration management, allowing developers to safely load secrets from various sources like Hashicorp Vault, AWS, and Azure. It manages environment variables and files in-memory, ensuring sensitive data is only accessible when needed, and supports multiple environments for development and production.

The article discusses the security vulnerabilities associated with misconfigured Redis instances, highlighting how attackers can exploit these weaknesses to gain unauthorized access to sensitive data. It emphasizes the importance of proper configuration and security measures to protect Redis installations from potential threats.

ssh-audit is a tool designed for auditing SSH server and client configurations, allowing users to assess security settings, recognize software and operating systems, and identify weaknesses in algorithms. It supports various features such as policy scans, key exchange analysis, and compatibility checks, and can be run on both Linux and Windows without dependencies. The tool includes built-in hardening guides and maintains compatibility with Python versions 3.9 to 3.13.