
Security

211 articles in this category (Page 6 of 9)

Tags: AI News, Security, DevOps
Automated Vulnerability Scanning for Homelab Containers with Trivy + AI
Space Terran released a GitHub Actions workflow that automates weekly Trivy scans and AI-powered risk assessment for all Docker images in a homelab organization.

Tags: AI News, AI, Security
Securing AI-Assisted Coding with Hardened Containers and Sandboxes
Docker COO Mark Cavage details the shift toward hardened containers and agent sandboxes to secure AI-agentic workflows and microservices.

Tags: AI News, fraudprevention, security
Preventing Fake Signups: A Layered Registration Fraud Guide
Protect registration forms from automated bots and disposable emails using layered validation strategies that balance security with user conversion.

Tags: AI News, DevOps, Security
Ghostable v2.5.2: Hardening Secret Operations with Strict Conflict Handling and SIEM Webhooks
Ghostable updates introduce strict conflict modes and signed audit webhooks to prevent accidental secret overwrites and improve security observability.

Tags: AI News, DevOps, Security
Implementing Cloudflare's 'Toxic Combinations' Strategy for Incident Prevention
Reduce high-impact outages by detecting 'toxic combinations' of low-signal events before they trigger user-visible incidents.

Tags: AI News, Security, DevOps
Analyzing 600 Daily Automated Attack Requests on Public Servers
A public server recorded 602 hostile requests in one day, revealing that 41% of all internet traffic consists of automated vulnerability probes.

Tags: AI News, Kubernetes, Security
Building and Testing Production-Grade Kubernetes RBAC via ServiceAccount Tokens
Adil Khan details building a production-grade Kubernetes RBAC setup using dedicated ServiceAccounts and explicit subresource permissions to prevent 403 errors.

Tags: AI News, Security, AI
Beyond the Consumer Model: Moving to Zero-Knowledge Secret Operations for AI Agents
AI agents that store API keys in memory are vulnerable to attacks like CVE-2026-21852; the operator model removes secret values from agent memory entirely.

Tags: AI News, Security, Web Development
Chromium Patches CVE-2026-2441: Understanding the CSS-Triggered Use After Free Vulnerability
Google Chrome patched CVE-2026-2441, a high-severity Use After Free vulnerability in the Blink CSS engine allowing remote code execution via crafted HTML.

Tags: AI News, Security, DevOps
Build a Private Skills Registry for OpenClaw: Securing AI Agent Supply Chains
Secure your AI agent environment by building a private skills registry; 824 malicious OpenClaw skills have already been identified, requiring mandatory Ed25519 signatures and sandboxing.

Tags: AI News, Security, AI Engineering
Security Analysis: 174 AI Agent Requests to a Public MCP Server
Analysis of 174 MCP requests reveals that 37.4% of servers lack auth and agents are already attempting credential extraction through social engineering.

Tags: AI News, Security, AI
Securing LLMs: Why Traditional WAFs Fail Against Prompt Injection
Prompt injection attacks bypass traditional WAFs by using natural language that signature-based rules cannot detect, requiring AI-native security solutions.

Tags: AI News, Security, Machine Learning
Securing AI Trading Systems: Overriding Transitive NPM Vulnerabilities and RLHF Optimization
Igor Ganapolsky achieves a 50% success rate across 110 feedback signals by overriding vulnerable npm dependencies and implementing Thompson Sampling.

Tags: AI News, DevOps, Security
GitHub Open Sources Dependabot Proxy Under MIT License for Secure Dependency Management
GitHub has open-sourced the Dependabot Proxy under the MIT license, enabling full end-to-end auditability of authentication for private package registries.

Tags: AI News, Security, AI
41% of Official MCP Servers Lack Authentication: A Security Audit of 518 AI Agent Tools
A security audit of 518 servers in the Model Context Protocol registry reveals that 41% lack authentication, exposing 1,462 tools to potential AI agent exploitation.

Tags: AI News, Security, AI
AI Agent Security Failures and the OpenClaw Dumpster Fire: Weekly Security Review
OpenClaw faces a security crisis with 1,184 malicious skills discovered as AI agent security and container escapes dominate the 2026 threat landscape.

Tags: AI News, Security
True End-to-End Encryption with Insertable Streams
Insertable Streams enable true end-to-end encryption (E2EE).

Tags: AI News, Security, DevOps
Securing Claude Code with Pipelock
Pipelock scans MCP server responses for prompt injection patterns and credential leaks, protecting Claude Code from potential security threats; its scan found 283 of 3,984 skills referencing hardcoded credentials.

Tags: AI News, Security, Web Development
Simplify Role Assignment with Role-Based Invitations in Better Auth
Better Auth introduces a plugin for role-based invitations, streamlining role assignment and enhancing security.

Tags: AI News, Security, Zero Trust
Zero Trust in the Age of AI Agents: A $100B Security Paradigm Shift
The traditional security paradigm is shifting towards zero trust, with a projected market value of $100B by 2030, as AI agents force a rethink of security architectures.

Tags: AI News, Security, Software Development
Vibe Coding and 1.5M API Leaks: The Moltbook Post-Mortem
The Moltbook launch exposed 150,000 leaked API keys due to 'vibe coding' and lack of security audits.

Tags: AI News, DevOps, Security
Streamlining Authentication with SQL: A Zero-Budget Approach
Automate authentication flows using SQL databases and scripting, achieving a 100% reduction in auth service costs.

Tags: AI News, Security, Web Development
CVE-2025-59471: Next.js Image Optimizer Vulnerability Causes Denial-of-Service
Next.js Image Optimizer flaw (CVE-2025-59471) allowed attackers to crash Node.js processes with multi-gigabyte images; patched in versions 15.5.10 and 16.1.5.

Tags: AI News, Java, Security
Java Roundup: JDK 27 Targeting Post-Quantum Security, Grizzly 5.0 Released
January 19th, 2026 sees JEP 527 move to 'Targeted' in JDK 27, addressing post-quantum security with hybrid key exchange.