今日已更新 63 条资讯 | 累计 20533 条内容
关于我们

标签:#SEC

找到 688 篇相关文章

AI 资讯

Most repos hit by the Shai-Hulud worm are still infected a week later, and the obvious fix punishes the victims.

This is a follow-up to my earlier posts, and it is more of an open question than an answer. I have the data, I have a way to act, and I am genuinely unsure that acting is the right call. I could use the community's help thinking it through. Last week a supply-chain worm got into my GitHub account and repositories. I got out, cleaned up the proper way, and wrote it up. Then I checked the public list of repositories hit by the same worm, to see how the cleanup was going across the ecosystem. Nearly a week later, most of them are still carrying the live payload. It is worse than a count When you look closely, a lot of the owners are clearly trying. But they are missing how this actually works, in two ways that matter: Deleting is not removing. They remove the malicious files with an ordinary commit. That takes the payload off the branch tip, but the commit that introduced it is still in history, and the blob is still recoverable by anyone who reverts or checks out the old commit. The only real removal is rewriting history (reset, not revert) and asking GitHub to purge the objects, because the fork network keeps them reachable by SHA. One branch is not all branches. They clean the branch they know about and never see the backdated copies the worm planted on other branches, which are still live. And the part that genuinely worries me: some of these owners are almost certainly opening the infected repository in VS Code or an AI assistant to fix it , which is exactly the trigger that runs the payload again. The act of trying to clean it can re-detonate it. So: a large number of repositories still carrying a live credential stealer, and a large number of owners and contributors who do not know they are still exposed. The dilemma Here is where I am stuck. There are two paths and I do not like either. Report them to GitHub. Their response is automated and blunt. The repo gets disabled, with no human in the loop, the same hands-off automation that locked me out of my own accou

2026-06-11 原文 →
AI 资讯

Reentrancy in 2026: Why It Still Drains Millions (and How AI Spots It)

Reentrancy is the oldest trick in smart contract exploitation. The DAO fell to it in 2016. You would think a bug this famous would be extinct by now. It isn't. Protocols still lose millions to reentrancy every year, because the textbook version is the easy one, and attackers stopped using the textbook version a long time ago. This post walks through the classic bug, then the modern variants that still bite in 2026: cross-function, cross-contract, read-only reentrancy through view functions, and callback reentrancy through ERC777 and ERC721. I'll show why ReentrancyGuard is not the silver bullet most developers think it is, and how an LLM-based auditor reasons about the call-then-state-change pattern in a way pattern matchers can't. The Classic: Single-Function Reentrancy Here is the canonical vulnerable withdraw. contract VulnerableVault { mapping(address => uint256) public balances; function deposit() external payable { balances[msg.sender] += msg.value; } function withdraw() external { uint256 amount = balances[msg.sender]; (bool success, ) = msg.sender.call{value: amount}(""); require(success, "transfer failed"); balances[msg.sender] = 0; // state update AFTER the external call } } The attack is simple. The attacker is a contract. When withdraw sends ETH via msg.sender.call , control passes to the attacker's receive() function before balances[msg.sender] is zeroed. The attacker calls withdraw again. The balance is still the original amount, so the vault pays out again. Repeat until the vault is empty. contract Attacker { VulnerableVault vault; receive() external payable { if (address(vault).balance >= 1 ether) { vault.withdraw(); // re-enter before balance is zeroed } } } The fix is checks-effects-interactions. Do all your checks, then update all your state, and only then make the external call. function withdraw() external { uint256 amount = balances[msg.sender]; balances[msg.sender] = 0; // effect first (bool success, ) = msg.sender.call{value: amount}(""); //

2026-06-10 原文 →
AI 资讯

Valve is phasing out physical Steam gift cards due to scammers

After over a decade, Steam will no longer sell physical gift cards in stores. In a support page spotted earlier by Windows Central, Valve says it will no longer restock its gift cards once they run out, citing scammers who "continue to have an impact on Steam customers and other unsuspecting individuals." In its post, […]

2026-06-10 原文 →
AI 资讯

Let your n8n template ask for the user's API key

You built a workflow worth sharing — and it works perfectly. Until someone else imports it. The bottleneck is the API key. Use yours, and every user is billed against your account. Use theirs, and they each have to find the credential UI, paste their key, and reconnect every time. Both are friction. The cleaner option is to let the workflow ask for the key on the form, then thread it through to the HTTP nodes that need it. It's simpler than it sounds. This post walks through the pattern with a working credential setup, an alternative for single-node simple cases, the gotchas, and a note on what this enables for custom node authors. The screenshots below come from n8n's built-in Bearer Auth credential and from the n8n-nodes-ldxhub package's own credential schema. The technique itself is generic — what's shown here works for any HTTP-node workflow and any custom node that supports expression-mode credentials. The form asks, the credential listens The simplest case: a Form Trigger collects an API key, then an HTTP node hits an authenticated endpoint with that key. Two nodes, one bridge between them — but the bridge isn't a direct expression. It runs through a credential. The flow: Form Trigger collects api_key (use the Password element type for masking) A Bearer Auth credential references that form input via expression HTTP node picks the credential The Form Trigger is straightforward. Add one field: Form Trigger Form Fields : - Label : API Key - Element Type : Password - Custom Field Name : api_key - Required Field : yes Element type matters. Use Password instead of Text and the input gets masked on screen — the key isn't readable to someone glancing at the browser. Here's the rendered form a user sees when they open the workflow URL: Wiring the credential to expression mode For a Bearer token (which is what most modern APIs use), create a new credential of type Bearer Auth — a generic credential built into n8n that's purpose-built for Authorization: Bearer ... header

2026-06-10 原文 →
AI 资讯

OAuth for Remote MCP Servers

OAuth for Remote MCP Servers How each AI assistant signs in to a remote MCP (Model Context Protocol) server, and why the flow differs by client and by where it runs. Overview The protocol throughout is standard OAuth 2.1 — an open, widely implemented authorization standard. The human sign-in runs through oauth2-proxy , one of the most widely deployed open-source auth proxies; the only deployment-specific piece is a thin, spec-conforming authorization server (the /oauth endpoints) that hands MCP clients their tokens. Every client ends up the same way — a person signs in against Google (restricted to your organization's domain), and the client holds a short-lived bearer token it presents on each /mcp call. Two things differ between assistants: where the client runs (a machine on the VPN — private — vs. the vendor's cloud — public ), which decides the host it reaches; and what kind of OAuth client it is — a public client proving itself with PKCE (Proof Key for Code Exchange, which lets a client with no secret prove the token request comes from the same client that started the flow), or a confidential client proving itself with a secret. The participants oauth2-proxy — the public-facing reverse proxy. It authenticates the human against Google (the sign-in restricted to your organization's domain) and forwards the verified identity to the app behind it. Only oauth2-proxy faces the internet. It is a mature, heavily-deployed open-source project — the standard way to put Google/OIDC (OpenID Connect) single sign-on in front of a service, widely used in Kubernetes deployments — so the most security-sensitive leg of the flow (the OAuth exchange with the identity provider) runs on battle-tested code. The MCP server — the app on a loopback port behind the proxy. It plays two roles: the OAuth authorization server ( /oauth/authorize , /oauth/token , /oauth/register , .well-known discovery) and the /mcp tool endpoint. It mints codes and tokens, and validates a token on every /mcp c

2026-06-10 原文 →
AI 资讯

Headless CMS Security: Why Decoupled Is Safer

📝 Originally published on unfoldcms.com — reposted here for the DEV community. (I work on UnfoldCMS.) A coupled CMS puts the admin login on the same hostname visitors reach. A headless CMS puts it on a different hostname behind auth. That single architectural difference is why headless CMS security is meaningfully better than traditional coupled-CMS security on most real-world dimensions — and it's also why the comparison gets oversimplified into "headless is more secure" when the truth is more interesting. This post is the architectural take on headless CMS security : why decoupled is safer on most dimensions, where it can be less safe if you don't handle API hygiene properly, and what the honest comparison looks like in 2026. TL;DR : headless wins on attack-surface reduction (admin off the public hostname, smaller plugin attack surface, API-first auth model) but loses on dimensions teams typically don't think about (exposed APIs without rate limits, JWT misuse, secrets in frontend code, draft preview tokens leaking). A well-built headless CMS is meaningfully more secure than a typical WordPress site; a poorly-configured headless CMS can be worse than a maintained WordPress site. The architecture biases toward safer; the implementation determines actual outcomes. The audience: technical decision-makers and security-conscious teams comparing CMS architectures with security as a deciding factor. If you're earlier in the architectural decision, see headless CMS vs traditional CMS: key differences . For the WordPress-specific security picture this post compares against, WordPress security problems in 2026 . The Attack Surface Difference The single biggest architectural difference between coupled and headless CMS security is where the admin lives . A traditional WordPress site puts the admin login at yourdomain.com/wp-admin . The same hostname your visitors reach. The same SSL cert. The same Cloudflare config. Every brute-force attempt, every credential-stuffing bot, ev

2026-06-10 原文 →
AI 资讯

End-to-End GitHub Security Hardening Guide for Organizations

GitHub is not just a source code platform anymore. For most engineering organizations, GitHub is part identity system, part software supply chain, part CI/CD platform, part secret store, part deployment orchestrator, and part production change-control system. That means we should secure GitHub like a production control plane. This guide is written from the perspective of a CISO tightening GitHub across an organization. It is not a high-level best-practice list. It is a practical hardening baseline we can apply, audit, and improve over time. The goal is simple: Nobody should be able to compromise our source code, workflows, secrets, build systems, release process, or production environments because GitHub was loosely governed. How to Use This Guide Use it in three layers: Layer Audience Purpose Executive baseline CISO, Head of Engineering, Platform leadership Define why GitHub is a Tier-0 engineering control plane Security standard Security, Platform Engineering, AppSec, DevSecOps Define mandatory controls, evidence, exceptions, and ownership Operational runbook SOC, repository owners, release engineers Support onboarding, monitoring, detection, incident response, and quarterly review Control language in this guide should be interpreted as follows: Term Meaning Must / Required Mandatory baseline control unless a documented exception is approved Should / Recommended Strongly expected control; deviations require documented rationale May / Optional Context-dependent control based on repository classification and risk Exception Time-bound, risk-accepted deviation with owner, compensating controls, and review date Every mandatory control should eventually map to: Control ID → Requirement → Owner → Enforcement → Evidence → Monitoring → Exception path Section 29 provides the operational enforcement map that tells administrators where to find each GitHub setting, what to configure, and what evidence to retain. This prevents the standard from becoming a long checklist that no

2026-06-10 原文 →
AI 资讯

coding agents made repositories the security boundary

GitHub shipped a small changelog entry this week that says more about the future of coding agents than most of the launch demos. Security validation for third-party coding agents is now generally available. Not just for GitHub's own Copilot cloud agent. For third-party agents too, including Claude and OpenAI Codex. The feature sounds boring in the best possible way. When an agent creates code, GitHub can run CodeQL, check new dependencies against the GitHub Advisory Database, and use secret scanning to detect tokens, API keys, and other sensitive material. If it finds a problem, the agent tries to fix it. That is not the flashy part of agentic coding. It is the important part. Because once agents are allowed to act inside repos, the question stops being "which model wrote this diff?" and becomes "can the repository apply the same policy to every automation actor?" authorship is the wrong abstraction We still talk about generated code as if authorship is the primary thing that matters. Was this written by Copilot? Claude? Codex? A human with tab completion? A human who pasted something from a chat window and cleaned it up? A junior engineer following a Stack Overflow answer from 2018? Those distinctions matter for procurement and product marketing. They matter less for the repository. The repository has a simpler problem: a change is trying to enter the system. It may introduce a vulnerability, add a risky dependency, leak a secret, violate an internal rule, or be perfectly fine. That is why the GitHub change is interesting. It moves the useful boundary from "our approved coding assistant" to "any coding agent operating in this repository." the agent is now an actor For years, repository automation was mostly boring and legible. CI ran tests. Dependabot opened dependency updates. Release bots bumped versions. Linters complained. Security scanners commented. Humans reviewed. The automation could be annoying, but its shape was predictable. Coding agents are different.

2026-06-10 原文 →
AI 资讯

A Record-Breaking Patch Tuesday for June 2026

Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical" rating, and exploit code for at least three of the weaknesses is now publicly available.

2026-06-10 原文 →