DevOps

How i built a Real-Time Anomaly Detection Engine for Cloud Storage

As part of my HNG DevSecOps task, I built a real-time anomaly detection engine to protect a Nextcloud instance from unusual traffic spikes and potenti…

How I Secured WordPress Media Files by Building My Own Upload Restriction Plugin

How I Secured WordPress Media Files by Building My Own Upload Restriction Plugin Security is one of those things you don't think about deeply until so…

Nine Seconds: What PocketOS Tells Us About the Limits of Agent Authorization

On April 25, a Cursor-based agent running Claude Opus 4.6 destroyed PocketOS's production database and backups within nine seconds through one API cal…

Rethinking What You Need to Do When Your Access Keys Are Compromised

"A Note from the Author" I work in the Technical Support division of an AWS reseller operating under the AWS Solution Provider Program in Japan. This …

Your AI Agent Can Be Socially Engineered. Here Are 3 Attacks That Prove It.

No jailbreak. No exploit. No alert fired. Just a conversation. In September 2025, a Chinese state-sponsored threat group ran a cyberattack against 30 …

I Built a System That Catches Hackers in Real Time

I Built a System That Catches Hackers in Real Time ​The Problem ​It was a regular Tuesday morning at cloud.ng, a rapidly growing cloud storage company…

Real-Time Anomaly Detection Engine for a Cloud Storage Platform

I built a Python daemon that watches incoming HTTP traffic in real time, learns what "normal" looks like, and automatically blocks attackers using Lin…

My road to ML-KEM-768 over X25519 for my messaging app

Eight months ago I started working on a messaging app as an hobby to see how difficult it is. One thing led to another and then I was obsessed with th…

My road to ML-KEM-768 over X25519 for my messaging app

Eight months ago I started working on a messaging app as an hobby to see how difficult it is. One thing led to another and then I was obsessed with th…

🚨 تنبيه أمني عاجل - ثغرة حرجة في tj-actions/changed-files

🚨 تنبيه أمني حرج - هجوم سلسلة التوريد tj-actions/changed-files - Supply Chain Attack ⚠️ خطر حرج | CRITICAL DANGER ⚠️ أنت وقعت في فخ أمني خطير! You've …

Building a Smart Security Guard for Your Server 🛡️

This project is part of the HNG DevOps internship (Stage 3), and trust me, it sounds way more complicated than it actually is. Let's break it down tog…

Silk Typhoon Extradition: State-Sponsored APT Operator Accountability & Persistence TTPs

Originally published on satyamrastogi.com Xu Zewei's extradition marks rare accountability for state-sponsored operators. Analysis of Silk Typhoon's t…

Drop-in iframe embed widgets for a curated security library

Per-topic widgets you can drop on a security blog as a single iframe. No JS, theme-aware via prefers-color-scheme. Found a nginx footgun while buildin…

Why AI Is Breaking Your API Security Model (And Nobody on Your Team Notices)

Your API gateway is lying to you. While you’ve been perfecting your OAuth flow and rate-limiting on the front door, AI has been busy building back doo…

Every scanner checks what exists. Nobody checks what's missing

When cloud resources are deleted, the references to them persist — in IAM policies, event triggers, compute configs, and trust relationships. These or…

GitHub Actions is the weakest link

4 Security Headers Every Website Should Have

4 Security Headers Every Website Should Have As web developers and agencies, we're constantly building and optimizing. While performance and features …

Thinking Like an Attacker: The Airbags and Seatbelts of Smart Contract Security

In our last post, we built a mathematical proving ground using Foundry . We used stateful fuzzing to prove that the rules of our MilestoneCrowdfundUpg…

We Built DAST for AI Agents. Every Agent We Tested Failed.

8 dimensions. 38 checks. 5 seconds. 0% industry pass rate. The Problem DAST exists for web apps. DAST exists for APIs. DAST does not exist for AI agen…

An AI Tool Had OAuth to Their Whole Google Workspace. Then Vercel Got Breached.

A Vercel employee signed up for an AI tool. They clicked Allow All on the OAuth consent screen. Three weeks later, customer environment variables were…

Building a Rolling-Baseline HTTP Anomaly Detector (No Fail2Ban)

Every VPS running a public web app gets hit with traffic it didn't ask for, from scrapers, brute-force login attempts, or just someone's misconfigured…

Stop merging vulnerable API code — automate PR security gates with Semgrep + Claude AI

Stop merging vulnerable API code — automate PR security gates with Semgrep + Claude AI Every team says "we'll fix it after the merge." They rarely do.…

10 Security Principles Before You Ship an MCP Server

10 Security Principles Before You Ship an MCP Server Model Context Protocol (MCP) servers are becoming the standard way AI agents interact with extern…

Frequency Hopping Spread Spectrum on LoRa SX1262: Making Radio Undetectable

LoRa is a remarkable modulation scheme. It achieves sensitivity below -140 dBm, delivers reliable links at distances conventional radios cannot reach,…

Asqav now ships on npm. TypeScript agent governance is live

If your AI agents run on TypeScript, you have probably noticed every governance and observability tool in the space treats Python as the default and J…

Our Auditor Asked How We Prove Logs Aren

We were 4 months into our SOC 2 audit when the auditor asked a question that stopped us cold: "How do you prove that your audit logs haven't been modi…

Responsible Disclosure Is a Governance Problem, Not an Ethics Problem

The ethics are fine. The architecture is broken. For years, the security industry has treated responsible disclosure as a moral test: are you a "good"…

How nylas audit export Works: Export audit logs to JSON or CSV for compliance, analysis, or backup

Export audit logs to JSON or CSV for compliance, analysis, or backup. Essential for SOC 2 compliance and AI agent oversight. The nylas audit export co…

🚀 OathMesh v1.0.0-rc.1: Zero-Trust API Keys That Survive the Real World

Replacing static API keys with 5-minute, self-destructing Ed25519 tokens sounds great—until your Redis node dies, NTP drifts, or you realize you have …

88% of Agent Systems Got Hacked — Your LangGraph Auth Layer Is the Problem

88% of Agent Systems Got Hacked — Your LangGraph Auth Layer Is the Problem 88% of teams running AI agents reported security incidents. Not hypothetica…