Retrospective: 2 Years of DevSecOps at Stripe – Reducing Vulnerabilities by 70%
Two years ago, Stripe’s security team was drowning: 1,200 open vulnerability tickets, 42% of production deployments blocked by manual security reviews…
Open Source
⚑ Report a ProblemLatest Open Source news from Tech News
All topics
AI
agents
ai
api
architecture
automation
aws
beginners
career
claude
database
devchallenge
devops
discuss
javascript
linux
llm
machinelearning
mcp
opensource
performance
productivity
programming
python
rust
security
showdev
tutorial
typescript
webdev
ИИ взломали. Кто бы мог подумать?
В Git in Sky мы последние полтора года плотно занимаемся безопасностью AI-контуров: аудируем интеграции, разбираем архитектуру доступов, помогаем кома…
Why Cursor Keeps Generating MD5 Password Hashes in 2026
TL;DR AI editors surface MD5 hashing from training data dominated by 2008-2014 tutorials MD5 hashes crack in milliseconds on modern GPUs -- any breach…
Should agencies build their own website security and maintenance solutions?
Or: Why agencies shouldn't build their own Alpaca Management System. We've been talking to agency development teams for quite some time and it remains…
Axios и проблема зависимостей
Как взлом одного npm-аккаунта за 3 часа распространил RAT на 174 000 пакетов и почему стандартные инструменты вроде NPM Audit это не поймали. Разбирае…
Most security tools still use 20-year-old rules. That's why I built Permi.
The Problem Old-school vulnerability scanners work like this: If response matches pattern → safe Else → unsafe That logic was fine in the early 2000s.…
Newly Discovered Skills This Week — 2026-04-12
54,764 skills indexed, 2105 audited. Found 172 malicious, 1012 suspicious. Read full report Audit: clawsec.cc Search: clawsearch.cc Pre-install check:…
Skill Category Distribution — 2026-04-12
54,764 skills indexed, 2105 audited. Found 172 malicious, 1012 suspicious. Read full report Audit: clawsec.cc Search: clawsearch.cc Pre-install check:…
Building a Zero-Trust Golang Backend (Part 3): Deploying to GKE with Strict Security Context ☸️🚀
Inilah tahap puncak dari seri DevSecOps kita. Di Part 1 kita telah membuat aplikasi Golang yang aman, dan di Part 2 kita menyusun pipeline CI/CD . Sek…
When a Git Branch Name Becomes a Weapon: The Codex Command Injection That Could Steal Your GitHub Token
This article was originally published on LucidShark Blog . In February 2026, BeyondTrust Phantom Labs quietly disclosed a command injection vulnerabil…
Why Cursor Keeps Generating Wildcard CORS -- And How to Fix It
TL;DR AI editors almost always default to cors() with no config -- which sets Access-Control-Allow-Origin: * Wildcard CORS on authenticated APIs expos…
Governing Security in the Age of Infinite Signal – From Discovery to Control
Anthropic just open-sourced vulnerability discovery at scale. Now what? A few weeks ago, Anthropic launched Glasswing , a $100 million initiative to u…