Trending

All I Want for Xmas Is Your Secrets: LangGrinch Hits LangChain (CVE-2025-68664)

Clearspace (YC W23) Is Hiring a Founding Network Engineer (VPN and Proxy)

CSRF protection without tokens or hidden form fields

Mattermost restricted access to old messages after 10000 limit is reached

Your Inbox Is a Bandit

European Majority favours more tech regulation

Some Epstein file redactions are being undone with hacks

X-ray: a Python library for finding bad redactions in PDF documents

Permission Systems for Enterprise That Scale

JEP 500: Java to Enforce Strict Final Field Immutability by Restricting Reflection

JEP 500 prepares the Java ecosystem for final field integrity in JDK 26, restricting deep reflection mutations. This crucial update aims to enhance safety and performance by closing a long-standing loophole, transitioning toward stricter encapsulation. Developers can now anticipate warnings when attempting these mutations, ensuring a reliable path for future optimizations. By A N M Bazlur Rahman

Article: Trustworthy Productivity: Securing AI Accelerated Development

Autonomous AI agents amplify productivity but can cause severe damage without safeguards. Defend the ReAct loop—context, reasoning, and tools—through provenance gates, planner-critic separation, scoped credentials, sandboxed code, and STRIDE/MAESTRO threat modeling. With robust logging, bounded autonomy, and red-teaming, agents can deliver trustworthy productivity while minimizing risk. By Sriram Madapusi Vasudevan

Magika 1.0: Smarter, Faster File Detection with Rust and AI

Google has just released version 1.0 of Magika, a substantial rewrite of its open-source file type detection system. The new version leverages AI to support a broader range of file types and is built in Rust for maximum speed and security. By Sergio De Simone

Five AI Security Myths Debunked at InfoQ Dev Summit Munich

Katharine Jarmul challenged five common AI security and privacy myths in her InfoQ Dev Summit Munich 2025 keynote: that guardrails will protect us, better model performance improves security, risk taxonomies solve problems, one-time red teaming suffices, and the next model version will fix current issues. She said that current approaches to AI safety rely too heavily on technical solutions. By Karsten Silz

Presentation: Securing AI Assistants: Strategies and Practices for Protecting Data

Andra Lezza explains the criticality of data security for AI copilots, detailing the OWASP AI Exchange threat model and the OWASP Top 10 LLM risks. She reviews two copilot architectures - independent (single domain) and integrated (multi-tenant) - listing specific threats, controls, and best practices like granular authorization, templates, and DevSecOps to secure the entire AI data supply chain. By Andra Lezza

Patch Urgently - Critical Vulnerability CVE-2025-55182 in React Server Functions Actively Exploited

An unauthenticated remote code execution (RCE) vulnerability in React Server Components (RSC) was recently reported with the highest severity (10.0). Amazon threat intelligence teams report active exploitation attempts by multiple China state-nexus threat groups. The critical vulnerability affects React versions 19.0.0 through 19.2.0 and Next.js versions 15.x and 16.x when using App Router. By Bruno Couriol

How are you handling access controls for your AI Agents?

Akira ransomware can be cracked with sixteen RTX 4090 GPUs in around ten hours — new counterattack breaks encryption

Hacker Laws: Kerckhoffs's principle

Best practices for handling third-party API credentials

Popular GitHub Action `tj-actions/changed-files` has been compromised with a payload that appears to attempt to dump secrets

Fired “Kill Switch” Programmer Faces 10 Years In Jail: What Went Wrong?

A DOGE staffer broke Treasury policy by emailing unencrypted personal data

TSA Says Its Credit Cards for Bomb-Sniffing Dogs Are Cut Off

US Attorney General Pam Bondi warns alleged vandals: “If you’re gonna touch a Tesla, go to a dealership, do anything, you better watch out because we’re coming after you.”

cifertech

Save item

nRFBox

Open-source ESP32-powered tool to scan, jam, spoof, and master BLE, Wi-Fi, and 2.4GHz networks.

simplex-chat

Save item

simplex-chat

SimpleX - the first messaging network operating without user identifiers of any kind - 100% private by design! iOS, Android and desktop apps 📱!

projectdiscovery

Save item

nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

projectdiscovery

Save item

nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

schollz

Save item

croc

Easily and securely send things from one computer to another 🐊 📦

goauthentik

Save item

authentik

The authentication glue you need.

casbin

Save item

casbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN

tailscale

Save item

tailscale

The easiest, most secure way to use WireGuard and 2FA.

google

Save item

osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev