We scanned 17,000 Claude Code skills. 39% run shell commands - only 4% say so up front.
An AI skill is a Markdown file your coding agent reads and obeys. GitHub code search currently finds 74,192 SKILL.md files installed under .claude/ski…
Latest Web news from Tech News
All topics
AI
agents
ai
api
architecture
automation
aws
beginners
career
claude
database
devchallenge
devops
javascript
learning
linux
llm
machinelearning
mcp
opensource
performance
productivity
programming
python
react
security
showdev
tutorial
typescript
webdev
End-to-End GitHub Security Hardening Guide for Organizations
GitHub is not just a source code platform anymore. For most engineering organizations, GitHub is part identity system, part software supply chain, par…
Cloud Security Is Not About the Tools — It Is About the Thinking Behind Them
Most people think cloud security is about tools. Install GuardDuty. Enable Security Hub. Turn on CloudTrail. Done. It is not that simple. Tools withou…
Applying Checkov to Terraform as Code – A TFSEC Alternative
Static Application Security Testing (SAST) is a critical practice in modern DevSecOps. While tools like SonarQube, Snyk, and Veracode are popular, thi…
AI Security Scanning Tools in 2026: Snyk vs Semgrep vs OX Security — Real False-Positive Rates Tested
AI Security Scanning Tools in 2026: Snyk vs Semgrep vs OX Security — Real False-Positive Rates Tested If you're still manually reviewing security scan…
Why Every CISO Needs an AIBOM in 2026 — And What Most Vendors Get Wrong
A friend of mine runs security at a mid-size fintech. Last month she got a Slack DM from her general counsel at 9:47 on a Tuesday night. The Italian D…
"It's not a bug, it's spec": a zero-click RCE in AI coding agents that three vendors won''t patch
TL;DR — A prompt injection can rewrite your AI IDE's mcp.json the moment you open a project, with no dialog and no click, and get arbitrary code execu…
Best Practices по Dockerfile: от базового образа и кеша до SBOM, Cosign и CI/CD
Статья получилась большой: практик много, и каждая из них важна по-своему. Я собрал её как набор best practices: не все пункты нужны каждому проекту, …
Threat Detection in Kubernetes with Falco
Finding out there is "suspicious activity" in your infrastructure is enough to make any DevOps engineer's heart rate spike. If you’re running containe…
Automate Kubernetes Image Vulnerability Scanning
Security in a cloud-native environment is only as strong as its weakest link. A recent security audit revealed a critical gap: container images were b…
I Scanned a Vulnerable Kubernetes Cluster with 9 Engines — The AI Filter Caught Everything
I run Debuggix, a free security scanner that runs 9 engines in parallel. For Episode 3 of our "Verified or Not" series, we scanned Kubernetes Goat — a…
The real attack surface for AI coding agents is the config file
If you think the security risk of AI coding agents (Claude Code, Cursor, Gemini CLI) is "the model goes rogue and runs a dangerous command," the serio…
Why your vulnerability dashboard is lying to you (and how to fix it)
You open your vulnerability dashboard on a Monday morning and see 47 critical CVEs across 12 assets. By Thursday, your team has patched 11 of the 12 a…
Building Agentra, An Enterprise AI Engineering Control Plane for Secure Coding Agents
Open source repository: https://github.com/arijeetganguli/agentra PyPI: https://pypi.org/project/agentra/ AI coding agents are becoming part of everyd…
Automate LLM Red Team Campaigns with PyRIT
If you're still testing LLM guardrails by hand — retyping variations in a chat tab, logging results in a notebook, eyeballing responses — you're leavi…
Causa GitHub, or: Your Editor Extensions Run as You
Wire Fire — Episode 02 On 18 May 2026 an attacker published a poisoned version of a popular Visual Studio Code extension. It was live for roughly elev…
How We Got a CISA GitHub Leak Taken Down in Under a Day
On May 14, 2026, GitGuardian found what looked like leaked CISA secrets in a public GitHub repository named Private-CISA. It held 844 MB of data acros…
The Agent That Created 107 PRs (And Why That Was the Problem)
The Agent That Created 107 PRs (And Why That Was the Problem) One of our leaders has a way of framing AI initiatives that I find genuinely useful. Thr…
Веб vs Мобилка: кто в опасности? Сравниваем безопасность двух миров
Спойлер: оба, но по-разному - и это важно понимать. Каждый раз, когда слышим «у нас все нормально с безопасностью, мы же не банк», что-то внутри сжима…
Digital Signatures: The “Trust Me Bro” Detector for Junior Cybersecurity Engineers
Digital Signatures: The “Trust Me Bro” Detector for Junior Cybersecurity Engineers Subtitle: How digital signatures help prove who signed something, w…
A Practical Terraform Security Review with Codex and Claude Code
A Practical Terraform Security Review with Codex and Claude Code A Terraform repository is not just code. It is a map of your cloud control plane. It …
Clinejection: When Your AI Coding Tool Became the Weapon
This article was originally published on LucidShark Blog . On February 17, 2026, a developer opened a GitHub issue on the Cline repository. The issue …
We built a free open source alternative to Wiz for Azure — here is how it works
Enterprise cloud security tools like Wiz, Prisma Cloud, and Microsoft Defender for Cloud cost upwards of $500,000 per year. Most organisations running…
How I Discovered and Deobfuscated a Hidden PHP Backdoor on My Server
As developers and system architects, we often secure our code but neglect the silent threats lurking in old directories or clever obfuscations. Recent…
DevSecOps Pipeline in a Day: Automated Security from Commit to Deploy
Security that happens after deployment is already too late. By the time a quarterly penetration test discovers hardcoded secrets, vulnerable container…
Why Strict "Zero Trust" Breaks Secret Management (And How We Built a Zero-Persistence Vault Instead)
This is a technical deep dive into the cryptography behind Ennote's enterprise architecture. You can read the original full-length post on our enginee…
Утопали в дефектах, пока собирали «единое окно»
«У нас было два пакета findings SAST’а, семьдесят пять CVE с критичностью — Critical, пять дублей одной и той же CVE в разных сервисах, пол солонки fa…
Vulnerability Remediation Prioritization — How to Handle Hundreds of CVEs Without Getting Overwhelmed
You just ran a dependency scan and the report shows 133 vulnerabilities. 34 are Critical. 68 are High. The dashboard is red, the backlog is exploding,…
Один ИИнженер – десять рук: как мы исследовали LLM в AppSec
Всем привет, на связи Solar appScreener! В этой статье расскажем о нашем опыте использования ИИ в нашем собственном продукте. ИИ-агенты уже стали неот…
🔐Enforcing image provenance in Kubernetes using Cosign + Sigstore + Kyverno
What if your Kubernetes cluster simply refused to run unsigned images? I spent some time experimenting with enforcing image provenance in a small Kube…