home.social

#securecoding — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #securecoding, aggregated by home.social.

  1. How we reshape the fallout is up to us.

    But, there will be monsters.

    There always are.

    #secureCoding #humanism

  2. New by me: Vibe Coding Has a Security Problem, and Shipping Code You Do Not Understand Is Not a Strategy

    AI-assisted coding can absolutely help teams move faster. It can also help them ship weak access controls, insecure defaults, risky dependencies, and code nobody on the team can confidently defend.

    I wrote about why that matters and why review still matters just as much as speed.

    kylereddoch.me/blog/vibe-codin

    #Cybersecurity #AppSec #AI #SecureCoding

  3. 🚨 Emergency DevSec Station drop.
    There's an active npm supply chain attack happening right now. Compromised packages are stealing SSH keys, AWS credentials, GitHub tokens, browser passwords, and crypto wallets on install. Then using your publish token to infect every package you maintain.
    One command can protect you immediately: npm config set ignore-scripts true
    Do it today, please. Tell your team. Watch the full 60 seconds.
    #AppSec #SupplyChainSecurity #DevSecOps #SecureCoding #npm

  4. NoSQL Injection Attacks: MongoDB, CouchDB, and More – NoSQL injection

    In this article, I cover how NoSQL injection works, common attack vectors, and practical mitigation techniques.
    denizhalil.com/2025/12/23/nosq

    #CyberSecurity #NoSQL #MongoDB #CouchDB #WebSecurity #AppSec #Injection #InfoSec #Pentesting #RedTeam #BlueTeam #securecoding

  5. The security implications of "Tokenmaxxing" cannot be ignored. As code churn increases by 800%+, the window for technical debt - and potential vulnerabilities - widens. If 10-30% of AI code is being rewritten within weeks, what does that say about the initial security audit of that code?

    Source: techcrunch.com/2026/04/17/toke

    Are you seeing more insecure patterns creeping into codebases via AI agents? Let’s discuss the risk-to-reward ratio of AI-accelerated development. Follow us for more technical analysis of the AI landscape.

    #InfoSec #AppSec #CyberSecurity #SecureCoding #DevSecOps #Technadu

  6. Join Fabio Cerullo’s 3-Day Web App Security Essentials training ⚔️
    Exploit real vulnerabilities, understand OWASP Top 10 (2025), and tackle modern risks like AI-generated code, all in hands-on labs.
    owaspglobalappseceuvienna20.sc

    #AppSec #CyberSecurity #OWASP #EthicalHacking #SecureCoding #Infosec

  7. 🔎 Cybersecurity Challenge #6 – Spot the Vulnerability

    This application fetches an image from a URL provided by the user. Sounds harmless, right? 👨‍💻

    But allowing servers to request external resources based on user input can sometimes open the door to dangerous attacks.

    Take a closer look at how the URL is validated and how the request is made.

    ⚠️ Is the validation strong enough?

    Question: What security vulnerability exists in this code?

    A) SQL Injection
    B) Server-Side Request Forgery (SSRF)
    C) XML External Entity (XXE)
    D) URL Redirection

    💬 Comment your answer and tell us which line reveals the vulnerability!

    In the next post, I’ll reveal the correct answer and explain how attackers could exploit it in real-world environments.

    #cybersecurity #infosec #ethicalhacking #websecurity #bugbounty #securecoding #CyberKid #securitychallenge #SSRF

  8. Nice new #infosec zine focused on #securecoding with an interesting formula where each article only takes one page

    https://pagedout.institute

  9. So amazing to see incredible friends at Wild West Hackin' Fest! Thank you Chad!!!

    And thank you Black Hills for having me in to teach! #securecoding

  10. Why secure coding is ignored in hiring, how interview practices fail to detect risk, and what organizations must change to build safer software from day one. hackernoon.com/why-secure-codi #securecoding

  11. age.rb – Ruby bindings for age!

    If you're working with Ruby and looking for a simple, secure, and modern solution for file encryption, age.rb bridges the gap, bringing the elegance of Ruby to the robust age encryption tool.

    Give it a try, explore the repo on GitHub, and let me know what you think. Contributions and feedback are always welcome!

    Repository: github.com/tschaefer/age.rb

    #Ruby #Cryptography #OpenSource #AgeEncryption #SecureCoding

  12. Cal.com has patched a critical authentication bypass (CVE-2025-66489) that allowed attackers to submit any non-empty TOTP field and skip password checks. Versions ≤5.9.7 were impacted.

    Update to 5.9.8 to ensure both password and TOTP verification are enforced.
    How should MFA implementations be validated to prevent logic gaps like this?

    Source: gbhackers.com/critical-cal-com

    Share your insights and follow us for more security reporting.

    #infosec #appsec #CVE2025 #authentication #MFA #ThreatIntel #SecureCoding #SoftwareSecurity #VulnerabilityManagement #SecurityUpdate

  13. Rust continues to reshape Android’s security posture.

    Google reports memory-safety bugs are now under 20%, backed by:
    • 1000× reduction in memory-safety bug density vs C/C++
    • 4× fewer rollbacks
    • Faster reviews + fewer revisions
    • Rust moving deeper into kernel, firmware & Android’s security-sensitive apps
    A recent “near-miss” RCE (CVE-2025-48530) in unsafe Rust was mitigated by Scudo before reaching public release.

    Thoughts from the AppSec community?
    Follow @technadu for more unbiased cybersecurity reporting.

    #RustLang #MemorySafety #AndroidSecurity #AppSec #InfoSec #DevSecOps #SecureCoding #TechNadu

  14. Want to learn all the best security features of Vue.js? Download my free cheat sheet and sign up for my newsletter at the same time!
    #vuejs #appsec #securecoding
    twp.ai/4iqCzj

  15. An AI-powered security auditing tool that leverages Ollama models to detect and analyze potential security vulnerabilities in your code.

    github.com/psyray/oasis

    #securecoding #ollama #cybersecurity

  16. Another day, another tech bro trying to shove "SSH3" down our throats, because apparently SSH just wasn't rich or fast enough for your HTTP/3 obsession. 🎩🤡 Who knew secure shell needed a makeover with extra #glitter and a side of AI-generated hype? 🚀🔮
    github.com/francoismichel/ssh3 #techbro #SSH3 #HTTP3 #securecoding #AIhype #HackerNews #ngated

  17. I will be speaking at the AI Summit for #Sectorca on September 30th in Toronto. Want to learn how to vibe code securely? Come hang out!

    twp.ai/4iqIqS

    @blackhatevents #aisummit #vibecoding #securecoding

  18. Mini #securecoding lesson: APIs are often where #IDOR vulnerabilities live. They’re scriptable, discoverable, and rarely protected by frontend logic. Even endpoints not visible to users are vulnerable! Attackers use tools like Burp or Postman to find and exploit them. Easily!

  19. Is Node.js the future of backend development, or just a beautifully wrapped grenade?

    Lately, I see more and more backend systems, yes, even monoliths, built entirely in Node.js, sometimes with server-side rendering layered on top. These are not toy projects. These are services touching sensitive PII data, sometimes in regulated industries.

    When I first used Node.js years ago, I remember:
    • Security concepts were… let’s say aspirational.
    • Licensing hell due to questionable npm dependencies.
    • Tests were flaky, with mocking turning into dark rituals.
    • Behavior of libraries changed weekly like socks, but more dangerous.
    • Internet required to run a “local” build. How comforting.

    Even with TypeScript, it all melts back into JavaScript at runtime, a language so flexible it can hang itself.

    Sure, SSR and monoliths can simplify architecture. But they also widen the attack surface, especially when:
    • The backend is non-compiled.
    • Every endpoint is a potential open door.
    • The system needs Node + a fleet of dependencies + a container + prayer just to run.

    Compare that to a compiled, stateless binary that:
    • Runs in a scratch container.
    • Requires zero runtime dependencies.
    • Has encryption at rest, in transit, and ideally per-user.
    • Can be observed, scaled, audited, stateless and destroyed with precision.

    I’ve shipped frontends that are static, CDN-delivered, secure by design, and light enough to fit on a floppy disk. By running them with Node, I’m loading gigabytes of unknown tooling to render “Hello, user”.

    So I wonder:
    Is this the future? Or am I just… old?

    Are we replacing mature, scalable architectures with serverless spaghetti and 12-factor mayhem because “it works on Vercel”?

    Tell me how you build secure, observable, compliant systems in Node.js.
    Genuinely curious.
    Mildly terrified and maybe old.

    #NodeJS #BackendSecurity #SecureCoding #PII #Compliance #SoftwareArchitecture #ServerSideRendering #TypeScript #Java #Kotlin #Golang #Erlang #Ruby #Scalability #Observability #DevSecOps #LegacyVsModern #SecureByDesign #CompiledLanguages #CloudArchitecture #StatelessDesign #SecurityTheatre #TechSatire #LinkedInTechRant

  20. DNS attacks are not just legacy threats – they’re evolving.

    In my new article series, I explore modern DNS attack vectors like cache poisoning, tunneling, hijacking & spoofing – and how we as developers can defend at the protocol edge.

    A must-read if you're building Java-based backend systems or securing internal services.

    🔗 svenruppert.com/2025/04/07/dns

    #CyberSecurity #DNS #Java #Infosec #NetworkSecurity #SecureCoding #DNSAttack #DeveloperSecurity #PrivacyByDesign

  21. Node.js Security in 2025: Best Practices and Threat Mitigation

    bloggingaadd.com/nodejs-securi

    Learn the best Node.js security practices for 2025 to protect your applications from evolving threats. Explore key strategies for threat mitigation, data protection, and secure coding.

    #NodeJS
    #CyberSecurity
    #WebSecurity
    #SecureCoding
    #BackendDevelopment
    #APISecurity
    #TechTrends2025
    #DataProtection
    #SoftwareSecurity
    #JavaScript
    #SecureApps
    #ThreatMitigation

  22. 🚨 When your code is a few KB, but your dependencies rival AAA game installations. Still believe in fairy tales of secure code?

    Gigabytes of code you didn't write. Licences you didn't read. Security flaws you didn't anticipate. Yet, you trust them. Adorable.

    Not just Node.js. Gradle caches, AWS libs with 400 sub-dependencies + reflection parties. In control? How cute.

    I use plain Java with jlink + jpackage. Minimal. Secure. No bloat.

    Fewer deps = fewer surprises. Because I care.

    But hey, keep stacking that Jenga tower. Watching it fall will be fun.

    #MinimalismMatters #CleanCode #DependencyHell #JavaPurist #DoYouEvenCare #LessIsMore #CodeSmart #TechDebt #DependencyManagement #JavaDeveloper #SecureCoding #LightweightCode #ModernJava #RefactorYourLife #NoBloat #CodeQuality #developer #code
