Your Platform Team Needs an Agent Policy — Yesterday
On March 3rd, an attacker compromised the Xygeni GitHub Action by poisoning a mutable tag. Every CI runner referencing xygeni/xygeni-action@v5 quietly…
Latest Open Source news from Dev Signal
You have five or ten LLM API keys sitting in a .env file right now. I know because I did too. OPENAI_API_KEY=sk-proj-... ANTHROPIC_API_KEY=sk-ant-... …
Current State of HTTPX: Signs of Stagnation The HTTPX project, once a thriving initiative, now shows clear signs of maintainer disengagement, kinda ca…
The Moment I Froze Pasting a JWT token into an online decoder. Throwing API response JSON into a formatter. Diffing code with an online tool. If you'r…
I was on a flight today, and a thought hit me: radio signals can interfere with avionics — so why don't airlines just confiscate everyone's phones? Wh…
What is a Network Security Group? A Network Security Group (NSG) is a set of security rules that allow or deny network traffic to resources such as: .…
Security education can go a long way. It can help companies and users patch their vulnerable systems and be aware of the threats that are out there. T…
CVE-2026-26118: How to Prove Your MCP Agent Wasn't Compromised Microsoft disclosed CVE-2026-26118 this week: a Server-Side Request Forgery (SSRF) vuln…
We ran a public Capture the Flag at vault.aport.io to stress-test the OWASP Top 10 for Agentic Applications against real human attackers. Not a red-te…
The Model Context Protocol (MCP) is quickly becoming the standard for connecting AI agents to external tools. Claude Desktop, Cursor, Windsurf, and do…
The OWASP Smart Contract Top 10: 2026 just dropped, and it's the most data-driven edition yet — built on 122 deduplicated incidents from 2025 totaling…
Overview This Email Validator API goes beyond basic syntax checking. Most email validators only check if the format looks correct. This API actually c…
On March 5, 2026, an attacker turned 135 BRO tokens into 567 million — a 4.2-million-x inflation — by exploiting a reentrancy flaw in Solv Protocol's …
NIST just closed a public RFI on AI agent security. The question they were asking, in five different ways: how do you constrain what an AI agent can d…
The right way to authenticate in AWS in 2026. Goodbye access keys, hello temporary credentials. The problem with access keys For years, the "normal" w…
target: Lab URL: https://portswigger.net/web-security/learning-paths/sql-injection/sql-injection-exploiting-blind-sql-injection-by-triggering-time-del…
Hands-On IAM with WSO2 Asgardeo: Configuring SSO, MFA, and Adaptive Authentication A real walkthrough of every task from the WSO2 DevOps training prog…
The Backstory As a Full-Stack Engineer and the founder of Delta Auth, I’ve spent countless hours obsessing over the "handshake" between a user and an…
CVE-2026-29066: Arbitrary File Read in TinaCMS CLI via Permissive Vite Configuration Vulnerability ID: CVE-2026-29066 CVSS Score: 6.2 Published: 2026-…
You probably have API keys scattered everywhere right now. .env files. Notion docs. Slack messages. Maybe even a sticky note. And honestly? Most devel…