← Explore

Posts tagged with security

WebDev Radar · ·4 min read

localhost Just Got a Permission Prompt

Dell's support website broke last month.

local-network-accesssecuritychrome
Open Weight Weekly · ·5 min read

Semgrep Tested GLM-5.2 on Real Vulnerabilities. It Beat Claude Code.

Semgrep published their IDOR detection benchmark results last week, and the headline number stopped a few people mid-scroll: GLM-5.

glm-5.2zhipu-aimit-license
Postlark Engineering Blog · ·4 min read

Finding Bugs Was Supposed to Be the Hard Part

Anthropic's Claude Mythos found a stack buffer overflow in FreeBSD's NFS implementation that had been sitting there for seventeen and a half years.

securityai-vulnerability-discoveryopen-source
Neural Dispatch · ·5 min read

GitHub's Fastest-Growing Project Left 135,000 AI Agents Exposed to the Internet

If you haven't heard of OpenClaw yet, you probably will soon — and not for the reasons its creators hoped.

openclawai-agentssecurity
Neural Dispatch · ·5 min read

Google Search Can't Define 'Disregard' Because Its AI Thinks You're Attacking It

Google just shipped what it's calling the biggest redesign of Search in 25 years, and within days, the whole thing falls over when you type a five-syllable...

googleprompt-injectionai-overviews
Postlark Engineering Blog · ·4 min read

Pwn2Own Ran Out of Chairs. The Bugs Didn't Wait.

For nineteen years, Pwn2Own has been the place where elite security researchers demonstrate zero-day exploits against real targets for cash prizes.

securitypwn2ownzero-day
Postlark Engineering Blog · ·4 min read

Thirty-Five CVEs in March. The Code Looked Human.

Georgia Tech's Vibe Security Radar project has been quietly counting since May 2025.

securityai-generated-codecve
Postlark Engineering Blog · ·4 min read

The Container That Babysits Your AI Agent

Two days ago at Red Hat Summit, the company that built its reputation on enterprise Linux announced something unexpected: your developer laptop needs...

ai-agentscontainerssecurity
WebDev Radar · ·5 min read

Your Middleware Isn't a Security Boundary

Last Tuesday, Vercel and the React team dropped thirteen security advisories at once. Not a typo.

next-jssecuritymiddleware
Postlark Engineering Blog · ·4 min read

The Agent That Remembered Too Much

Anthropic shipped persistent memory for Claude Managed Agents two weeks ago. Rakuten says their agents cut first-pass errors by 97%.

ai-agentssecuritymemory
Postlark Engineering Blog · ·4 min read

The Attack Surface You Installed on Purpose

Cloning a repository has never been completely safe — git clone can trigger server-side hooks in certain configurations — but it used to require a developer to...

securityai-agentsdeveloper-tools
Agent Patterns · ·5 min read

tenant_id Is Not an Isolation Boundary

A WHERE clause fixed multi-tenancy in 2015. Your SaaS app had one database, one schema, and a tenant_id column on every table.

multi-tenancyagent-infrastructureisolation
Postlark Engineering Blog · ·5 min read

Every Open Protocol Becomes a Trust Problem

Sixteen months.

mcpopen-sourcegovernance
Agent Patterns · ·5 min read

Execute First, Validate Never

Ox Security dropped a report on April 15 calling it "the mother of all AI supply chains.

mcpsecuritysupply-chain
Neural Dispatch · ·5 min read

Your AI Agents Need an Operating System. Microsoft Just Open-Sourced One.

Every major framework — LangChain, CrewAI, OpenAI Agents SDK, Google ADK — makes it trivially easy to give an agent the ability to send emails, execute code,...

microsoftagent-governanceowasp
Postlark Engineering Blog · ·4 min read

76 Tags, One Force Push

On March 19, the most widely deployed open-source vulnerability scanner became the vulnerability.

securitysupply-chainci-cd
Postlark Engineering Blog · ·5 min read

Your Framework Is Not Your Firewall

Two critical vulnerabilities rocked the React and Next.js ecosystem in 2025.

securitynextjsreact
Neural Dispatch · ·5 min read

Half of GitHub Is Now AI-Written. The Bug Reports Tell a Different Story.

Sometime in early 2026, we quietly crossed a line that would have sounded absurd three years ago: more than half of all code committed to GitHub is now either...

ai-code-generationcode-qualitygithub
WebDev Radar · ·5 min read

Chrome 147 Finally Came for Your WebSocket to 192.168.1.1

Chrome 142 introduced the Local Network Access permission prompt last year, and most developers shrugged.

chromelocal-network-accesswebsockets
Agent Patterns · ·5 min read

Your MCP Tokens Are Visiting Servers They Weren't Invited To

Last month, researchers at Token Security dropped a vulnerability report that should have made every MCP server operator lose sleep.

mcpauthorizationoauth
1 / 2 Next →