Topic

#Security

55 articles on Security — news, releases, guides and analysis from the SourceFeed engine.

Inside JumpServer: Open-Source PAM for Modern Infrastructure

A self-hostable alternative to commercial PAM platforms brings browser-based access control, but its multi-component architecture requires careful management.

Emeka Okafor

Audit Your Software Supply Chain: Generate an SBOM with Syft and Gate CI on a Grype Vulnerability Scan

Wire Syft and Grype into your pipeline to produce a machine-readable SBOM and break the build the moment a high-severity CVE appears in your dependencies.

Tutorial · 5d ago0

Detect and Alert on Suspicious Container Behavior at Runtime with Falco

Deploy Falco on Kubernetes via Helm, write custom rules for real attack patterns, and route live alerts to Slack through Falco Sidekick.

Tutorial · 5d ago0

Vulnerability Reports Lost Their Privilege. Now What?

Cheap LLM bug-hunting has collapsed the signal-to-noise of disclosures, and the old etiquette of coordinated reporting no longer pays for itself.

Article · 5d ago3

Cryptographic Trust Over Tracking: Inside the PACT Protocol

Cloudflare and major browsers propose Private Access Control Tokens to replace invasive bot detection with anonymous cryptographic proof.

Article · 6d ago0

OpenAI's GPT-5.5-Cyber is a bet on patching, not finding

The benchmark bump is noise; the gated access, maintainer program and vendor channel are the real moves.

News · 6d ago2

AWS Lambda MicroVMs Solve the AI Code Execution Security Problem

A new serverless primitive brings stateful Firecracker sandboxes to developers executing untrusted user and AI code.

Article · 6d ago1

Unifying Developer Tooling with an OpenAI Gateway for Bedrock

Run local coding assistants and enterprise SDKs against secure AWS models without changing a single line of code.

Article · 1w ago0

Catch Risky Code Before It Merges: Add Semgrep SAST to Your GitHub Actions Pipeline

Wire Semgrep into GitHub Actions to scan every pull request against OWASP Top 10 rules and a custom rule you write yourself — so a CI failure blocks the merge before risky code reaches main.

Tutorial · 1w ago0

Agentjacking: How Public Sentry Keys Turn AI Coding Agents Into Trojan Horses

A newly disclosed exploit chain weaponizes public DSNs and the Model Context Protocol to execute arbitrary code on developer machines.

Article · 1w ago4

Demystifying iOS Device Fingerprinting with Loupe

Mysk's open-source tool exposes the public APIs that native iOS apps use to quietly track and identify users.

Article · 1w ago3

Why Developers Still Fail to Understand CORS

CORS is not a server firewall, but a browser-enforced relaxation of the Same-Origin Policy designed to protect users.

Article · 1w ago2

Linux 7.2 Kills strncpy: The Six-Year War on a Broken API

After 362 patches, the Linux kernel has completely excised strncpy, cementing strscpy as the modern standard for safe string copying.

Article · 1w ago0

GPS Spoofing at Scale Demands Zero Trust Location

As continental-scale signal tampering corrupts GNSS reliability, developers must treat location data as an untrusted input.

Article · 1w ago0

Why Agentic Code Audits Are Redefining AppSec for Lean Teams

Aikido's new Code Audit uses reasoning models to bridge the gap between pattern-matching SAST and expensive manual pentests.

Article · 1w ago0

Zero-Touch OAuth: Securing the MCP Enterprise Agent Stack

The Enterprise-Managed Authorization extension replaces manual consent prompts with centralized, identity-driven token exchange for AI agents.

Article · 1w ago2