Nearly 3 out of 4 Oracle Java users got audited in 3 years. Big Red’s changes to Java licensing also inspire exodus to open source.
#audit #java #licensing #opensource #oracle
https://www.theregister.com/2025/07/15/oracle_java_users_audited/

Discover 12 AI Tools to automate your pentest and cybersecurity audits-3
#AI #tool #pentest #cybersecurity #audit
11. Garak (https://github.com/NVIDIA/garak)
NVIDIA’s tool for red-teaming and probing LLMs, designed to test model safety, robustness, and leakage.
12. Auto Recon LLM (https://github.com/CyberSecurityUP/auto-recon-llm)
Automates the reconnaissance phase using LLMs to interpret recon output and make tactical decisions.
Discover 12 AI Tools to automate your pentest and cybersecurity audits-2
#AI #tool #pentest #cybersecurity #audit
6. Nuclei AI Extension (https://github.com/projectdiscovery/nuclei-ai-extension)
Official extension for Nuclei that uses AI to suggest and create new detection templates from HTTP responses.
7.
A GPT-powered hacking CLI to assist with payload crafting, bypass techniques, and offensive scripting.
8. AutorizePro (https://github.com/WuliRuler/AutorizePro)
Authorization fuzzing tool with GPT integration to generate smarter test cases and detect access control issues.
9.
Uses GPT to identify misconfigurations and vulnerabilities in cloud environments like AWS, GCP, and Azure.
10. K8sGPT (https://github.com/k8sgpt-ai/k8sgpt/)
Diagnoses misconfigurations and vulnerabilities in Kubernetes clusters, explained in natural language via LLMs.
Discover 12 AI Tools to automate your pentest and cybersecurity audits-1
#AI #tool #pentest #cybersecurity #audit
1. PentestGPT (https://github.com/GreyDGL/PentestGPT)
LLM-based tool that simulates a step-by-step penetration testing process, emulating a realistic attack workflow.
2. Auto-Pentest-GPT-AI (https://github.com/Armur-Ai/Auto-Pentest-GPT-AI)
An AI-powered framework using GPT-4 to perform automated pentests with logical, chain-of-thought exploration.
3. BurpGPT (https://github.com/aress31/burpgpt)
A Burp Suite extension that integrates GPT to analyze requests/responses and suggest payloads or detect vulnerabilities.
4. ReconAIzer (https://github.com/hisxo/ReconAIzer)
An AI-driven reconnaissance assistant using GPT-4 to interpret recon tool results and recommend next steps.
5. PassGAN (https://github.com/brannondorsey/PassGAN)
A generative adversarial network trained to generate real-world passwords based on leaked data — a smart brute-force ally.
Day 12 cont
The #Liberals have a candidate problem continued:
“Liberal #candidate #ScottYung and party officials have declined to answer detailed #questions about whether his use of #Chinese celebrities and a public relations firm in the 2019 #StateElection complied with official #guidelines, as the Liberal party confirms an #audit of campaign disclosures.
A private dinner at a “luxurious venue” in #Sydney to raise #CampaignFunds for Yung, featuring the former Liberal prime minister #TonyAbbott, has also been cancelled without explanation.”
…
“Wishing the talented young Chinese Mr #RongSicheng [Scott Yung] has great success ahead and a boundless future! All the best! I’m #ZhangTielin from #Beijing, #China.”
The cursed Liberal Christian name “Scott” strikes again.
#AusPol / #LNP / #Bennelong / #Kogarah <https://theguardian.com/australia-news/2025/apr/10/nsw-electoral-commission-rules-disclosing-celebrity-endorsements-liberal-candidate-scott-yung-ntwnfb>
"#DOGE appears to have completely eschewed the existing processes for actually rooting out waste, #fraud, and abuse.
“An #audit that follows Generally Accepted Government Auditing Standards (GAGAS)... That is the gold standard for how you audit the #government.”
There are generally five phases of a GAGAS audit, the auditors tell WIRED: planning, evidence gathering, evaluation, reporting, & follow up."
https://www.wired.com/story/federal-auditors-doge-elon-musk/
‘It’s a Heist’: Real Federal Auditors Are Horrified by DOGE
WIRED talked to actual federal auditors about how #government auditing works—and how DOGE is doing the opposite.
https://www.wired.com/story/federal-auditors-doge-elon-musk/
"federal #auditors with years of #experience... say that DOGE’s actions are the furthest thing from what an actual #audit looks like...
“Honestly, comparing real #auditing to what #DOGE is doing, there’s no comparison... None of them are auditors”
We live and breathe Open Source! All parts of IPFire are fully open and auditable at https://git.ipfire.org #opensource #git #security #audit
A quick reminder to inspect what you expect, especially when #selfhosting.
Minister of Agriculture Marek Výborný has dismissed Pavel Čermák, director of the Research Institute of Animal Production (Výzkumný ústav živočišné výroby), over serious audit findings. The ministry plans to file a criminal complaint against an unknown perpetrator. The audit is continuing and details will be published later. #zemědělství #audit #transparentnost
More information can be found here:
https://tiskovec.cz/clanky/ministr-zemedelstvi-odvolal-reditele-vyzkumneho-ustavu-zivocisne-vyroby-duvodem-jsou-zavazna-zjisteni-z-probihajiciho-auditu?utm_source=mastodon_czech&utm_medium=social&utm_campaign=new_article
My presentation to ISACA on spreadsheet risk
https://www.isaca.org/training-and-events/conferences/isaca-virtual-conference/agenda
Thursday 20 February 10:45 UTC
EMEA: 313 - Assessing And Mitigating End-user Risks In The Use Of Excel Spreadsheets For Critical Uses
We'll be there!
Visit us at HANNOVER MESSE 2025! Experience the innovative combination of #Wiki and #AI #live at booth B22, hall 17. Whether #offboarding or #compliance - #BlueSpice always offers the ideal #knowledgemanagement solution for your #company! https://bluespice.com/bluespice-at-hannover-messe-2025/
Had a call today with one of those security compliance vendors (eg SOC2 platform) stuff. I could have closed my eyes and been at a used car dealer.
- What else are you looking at? Really wanted specific names.
- I can do a deal, just need to check with finance
- A number of add-ons available at 5k+ each
- How long would you sign for?
- Can fit so much automation and AI in this bad-boy you won't have to do anything.
Also, if your previous technology choices made this hard... That means a wider discussion to fix it, and don’t let outside people pressure you into compromising on data integrity in systems that need auditing. The bad ones will throw your reputation away anyway if they pressure you to do bad work and it messes up later #databasedesign #DatabaseDevelopers #systemDesign #Accountancy #Audit
The nuance that seems to come up is parent records with child records - ie if you remove the association, the associated child audit entries disappear.
It's easier to see the issue if you remove this type of record keeping to other situations, i.e. if a foster parent looks after a child, say the kid breaks a leg playing football while under the care of the carer, then the kid moves on…. You’d want to know that both the kid had the accident with the carer and that the carer looked after a kid that had an accident while with them. Both sets of information either end are needed. The accident shouldn’t disappear from the carer’s record.
Yet you hear this from system designers or developers.
I’m starting to think that anyone who designs or builds systems that handle data should do a basic bookkeeping course that covers how double entry works.
The accountants managed to work out for us since the 13th Century that if you move money from A to B, both A and B need an audit entry describing the movement each way. Write only - nothing is removed. Yet I don’t see an equivalent teaching in the various system design books, despite this concept being fundamental to any system that needs (financial and non-financial) auditing capabilities.