Topic

#Security

55 articles on Security — news, releases, guides and analysis from the SourceFeed engine.

Inside JumpServer: Open-Source PAM for Modern Infrastructure

A self-hostable alternative to commercial PAM platforms brings browser-based access control, but its multi-component architecture requires careful management.

Emeka Okafor

Hardening Terraform: Fixing 4 Common AWS Security Blind Spots

Default cloud configurations often prioritize convenience over security, leaving infrastructure vulnerable to automated scanning and compromise.

Article · 8h ago0

GLM 5.2 Beats Claude in Security Benchmark

Zhipu AI's open-weight model outshines proprietary giants in detecting complex access control vulnerabilities without leaking code.

Article · 23h ago6

The Missing Codex Ignore File and How to Work Around It

Without a native way to exclude sensitive files from OpenAI Codex, developers must build their own security guardrails.

Article · 1d ago5

Sovereign AI and the Death of the Single-API Monolith

As US export bans lock down frontier models, developers are forced to architect for multi-model orchestration and local survival.

Article · 2d ago1

How to Stop AI Agents From Committing Your Secrets

AI coding assistants are silently exposing credentials in git history. Here is how to lock down your local workflow.

Article · 2d ago0

Stop GitHub Copilot From Sabotaging Your Terraform Security

AI autocompletions silently introduce insecure IaC patterns that pass local validation but fail in production.

Article · 2d ago2

Dynamic Database Credentials with HashiCorp Vault: AppRole Auth and Short-Lived Postgres Secrets

Stop hardcoding database passwords. Configure Vault's AppRole auth method and database secrets engine to issue per-application, auto-expiring Postgres credentials that your app fetches at runtime and Vault cleans up automatically.

Tutorial · 2d ago0

The MCP Security Blind Spot in AI Coding Assistants

A high-severity flaw in Amazon Q Developer highlights how repository-carried configuration files are turning simple git clones into cloud compromises.

Article · 3d ago0

Miasma Proves Trusted Publishing Can Backfire Spectacularly

The self-propagating Miasma worm exploits GitHub Actions OIDC and phantom build files to turn security standards against developers.

Article · 3d ago0

Akrites Bets Open Source Security on Secrecy and Speed

A Linux Foundation coalition wants to patch the commons before AI-assisted attackers can, but the model trades transparency for a head start.

News · 3d ago1

Prompt Injection Is the Least of Your AI Security Problems

Real-world attacks reveal that while frontier models can resist linguistic trickery, your glue code and infrastructure are wide open.

Article · 3d ago1

The Client-Side Illusion: Lessons from the J&J Web App Vulnerabilities

Relying on frontend SSO flows without backend token validation is a recipe for trivial administrative takeovers.

Article · 4d ago0

The AI Auditing Wave and the End of Battle-Tested Code

As AI-driven vulnerability discovery systematically strips latent bugs from curl, developers must rethink their dependency patching strategies.

Article · 4d ago1

The distillation attack no API can fully block

Anthropic's 28.8-million-query accusation against Alibaba exposes an uncomfortable truth: when you sell model outputs, you sell the training data too.

Article · 4d ago4

Minimus Goes Free to Commoditize Hardened Container Images

By removing the registration wall, Minimus challenges Chainguard and shifts the container security focus from scanning to stripping bloat.

Article · 5d ago2