AI 资讯
15 perguntas de segurança para quem está praticando vibe coding
Outro dia, vi nos stories do Instagram uma amiga pesquisadora contando que estava usando o Claude para ressuscitar uma plataforma criada anos antes por parceiros. Ela não é da área de desenvolvimento de software. O projeto estava praticamente parado. Não havia mais recurso para manter tudo como estava. Com a ajuda da IA generativa, ela conseguiu migrar serviços, reduzir custo, melhorar performance, redesenhar partes da experiência e voltar a implementar coisas que estavam no backlog havia muito tempo. Achei aquilo inspirador! Mas também um pouco assustador. Não por ela estar usando IA generativa. Pelo contrário: acho fascinante que pessoas que não programam profissionalmente estejam conseguindo recuperar autonomia sobre projetos que antes ficavam dependentes de verba, disponibilidade de terceiros ou uma fila infinita de prioridades. O ponto que me acendeu uma luz amarela foi outro: em certo momento da conversa ela comentou que o projeto tinha dados de usuários e pagamentos via Stripe . Antes de seguir, uma ressalva: eu não gosto muito do termo "vibe coding" . Vou usar o termo aqui porque ele pegou, e porque todo mundo entende mais ou menos o que ele quer dizer: criar software com muita ajuda de IA generativa, muitas vezes sem dominar profundamente a linguagem, o framework ou a arquitetura por trás do projeto. Mas o termo me incomoda porque parece diminuir a responsabilidade envolvida. Se você está criando código, alterando código e colocando esse código no ar, você é sim uma pessoa desenvolvedora. Talvez iniciante. Talvez insegura. Talvez dependente demais da IA generativa. Talvez uma pessoa desenvolvedora ruim ou medíocre, como todos nós somos em algum recorte. Mas é. E isso traz responsabilidades. Vibe coding em uma página pessoal é uma coisa. Vibe coding em um sistema com login, dados pessoais, áreas administrativas, arquivos, integrações externas ou pagamento é outra. E aqui existe uma tensão interessante. Eu trabalho com desenvolvimento de software há bastante
AI 资讯
Is AI Making Us More Vulnerable? The Growing Threat of Cyberattacks in the AI Era
Something feels different about security incidents lately. Breaches, leaks, account takeovers, phishing campaigns they're not new. But their frequency, sophistication, and scale seem to be growing at a pace that feels genuinely alarming. Instagram accounts hacked overnight. Corporate systems compromised in hours. Phishing emails that sound disturbingly human. As someone studying AI & Big Data, I can't help but ask: is AI responsible for this? And if so, how? I think the honest answer is: yes but in two very different ways. The two faces of AI in cybersecurity When we talk about AI and cyberattacks, most people imagine one scenario: hackers using AI to attack systems faster and smarter. That's real. But it's only half the picture. The other half is something we talk about far less: the vulnerabilities that come from integrating AI into systems in the first place. These are two very different problems. And conflating them leads to the wrong solutions. Problem 1: AI is expanding the attack surface Every time a platform integrates an AI feature, they're adding something new to their infrastructure. And new infrastructure means new potential vulnerabilities. AI systems require: Massive data pipelines more data flowing through more systems APIs connecting multiple services more endpoints that can be exploited Third-party models and tools more external dependencies, more trust relationships Real-time processing less time to detect anomalies before damage is done Many organizations are integrating AI features faster than their security teams can audit them. And the consequences are already visible. In June 2026 , hackers reportedly manipulated AI-powered support systems to gain unauthorized access to Instagram accounts. The attack didn't target traditional software vulnerabilities it targeted the AI system itself , exploiting the automated account recovery flow that Meta had built with AI. This is the new reality: attackers are no longer just targeting your code. They're ta
AI 资讯
I pointed capgate at Damn Vulnerable MCP. Here's what it caught — and what it couldn't.
A capability-compiler meets ten deliberately-broken MCP servers. The honest scorecard: it cleanly stops one class, shrinks the blast radius on several, and is useless against another. Knowing which is which is the whole point. Disclosure: I'm the author of capgate , the Apache-2.0 sandbox compiler this post puts to the test. The DVMCP project and the other tools mentioned aren't mine; the manifests and compiled output are reproducible from the repo . The setup Damn Vulnerable MCP (DVMCP) is a teaching project: ten MCP servers, each built to demonstrate one attack — prompt injection, tool poisoning, excessive permission scope, token theft, command injection, and so on. It's the closest thing the ecosystem has to a shared adversarial fixture. capgate is a compile-time tool. You write a manifest declaring what an MCP server is allowed to do — fs:read:/workspace/** , net:connect:api.github.com:443 , nothing else — and it compiles that to a concrete sandbox policy ( docker run flags, bwrap argv, or an egress-proxy config). It does not run anything, watch traffic, or inspect the server's code. It turns a declared capability set into an enforced boundary. So this is a fair, falsifiable test: for each DVMCP challenge, I wrote the honest minimum manifest, compiled it, and asked one question — does the boundary capgate emits actually stop the attack? The answer is not "yes" across the board, and the cases where it's "no" are the interesting ones. The bullseye: Challenge 3 — Excessive Permission Scope The vulnerable tool advertises "read a file from the public directory" and then does this: @mcp.tool () def read_file ( filename : str ) -> str : # VULNERABILITY: doesn't restrict file access to the public directory if os . path . exists ( filename ): # any absolute path works with open ( filename , " r " ) as f : return f . read () The private directory next door holds employee_salaries.txt , acquisition_plans.txt , and system_credentials.txt (a live DB password and cloud API ke
AI 资讯
Bug in FIFA World Cup internal system gave anyone ability to modify TV stream
A security researcher said a flaw in FIFA’s online platforms allowed her to access several internal systems, including one that could have allowed her to take control of the TV stream of every World Cup match.
AI 资讯
‘Dangerous’ AI Models Are Coming No Matter What
The US government crackdown on Anthropic’s Claude Fable 5 and Mythos 5 hides a glaring truth: AI models with advanced hacking capabilities will soon be the norm.
开发者
How we became the first Indian hosting company to deploy Cloudflare Magic Transit
I run a hosting company. I'm also a BCA student. These two things coexist somehow. GigaNodes started in 2022 as a game server hosting brand — Minecraft, FiveM, ARK, the usual. Over time it grew into a proper VPS and dedicated server operation under GigaNode Technologies Private Limited, with AMD EPYC 7C13 hardware co-located at Yotta DC Noida. Earlier this year we did something I haven't seen any other Indian hosting provider do: we deployed Cloudflare Magic Transit across our entire network. What that actually means Magic Transit is not Cloudflare CDN. It is not a proxy. It is Cloudflare's enterprise network product where your IP prefixes get announced via BGP into Cloudflare's global backbone. All traffic destined for your servers enters Cloudflare's network first, gets scrubbed for attack traffic, and clean packets get forwarded to your data center via GRE tunnel. To deploy it, your infrastructure partner needs to have BGP-level integration with Cloudflare. Individual companies can't just sign up for it. We made it work through our partnership with Advika Datacenters Private Limited (AS135682) at Yotta DC Noida. The result: DDoS traffic never reaches our hardware. Our servers don't see the attack at all. Why no other Indian provider had done this Most Indian hosting providers use blackholing. When an attack comes in, they null-route your IP. Server goes offline. Attack stops eventually. Server comes back. That is the standard. That is what "DDoS protection included" usually means in India. The difference with Magic Transit is that legitimate traffic keeps flowing while attack traffic gets dropped. Your server stays online. Players stay connected. Trades don't get interrupted. We found out pretty quickly this actually works. We took a 1.7 Tbps attack after deployment. The servers didn't notice. A 1.7 Tbps volumetric attack hit our network in May 2026. Cloudflare absorbed it at the edge. No downtime. No support tickets from customers. We found out from the Cloudfla
AI 资讯
Discovering PII Inside InterSystems IRIS
Data privacy regulations such as GDPR, LGPD, and HIPAA demand that organizations know exactly where Personally Identifiable Information (PII) lives inside their databases. Yet in practice, most teams rely on manual inventories, tribal knowledge, or external scanning tools that require data to leave the database engine — a process that itself creates privacy and security risks. This article presents an MVP that takes a different approach: it runs PII detection inside InterSystems IRIS using Embedded Python, analyzing data where it lives and never exporting it to an external process. The result is a lightweight, non-intrusive utility that scans your tables, identifies PII using AI, and produces a structured CSV report — all without data ever leaving the IRIS process. The Problem: PII You Don't Know You Have Organizations today face a painful blind spot. A typical IRIS instance may contain hundreds of tables across dozens of schemas, some holding decades of accumulated data. Columns named ContactInfo , Notes , or Description might silently contain social security numbers, email addresses, or government IDs — sometimes intentionally, sometimes as a side effect of free-text fields that capture whatever users type in. Traditional approaches to PII discovery share a common flaw: they require data extraction. You export samples, send them to an external service, or pipe them through a standalone tool. Every step in that pipeline is an additional attack surface and a potential compliance violation. The principle of data sovereignty — keeping data within its jurisdiction and under controlled access — suggests a better path: bring the analysis to the data, not the data to the analysis. This is not just a technical preference; it is a governance requirement: GDPR (EU) — Article 28 requires that any processing of personal data by a third-party processor be governed by a binding contract covering subject-matter, duration, purpose, data types, and obligations [ Art. 28 GDPR ]. Art
产品设计
India orders temporary ban on Telegram over exam fraud concerns
The restrictions include a nationwide ban on Telegram until June 22 and a requirement to disable the app's message editing feature.
AI 资讯
Critical Copilot vulnerability allowed hackers to seal 2FA code from users
SearchLeak exploit shows why the industry's approach to LLM security fails over and over.
AI 资讯
What Is Shadow AI, and Why It's a Real Security Problem
Shadow AI is the unapproved use of AI tools at work. Here is what it actually is, why it creates security and compliance exposure, and how Bifrost Edge brings it under control at the endpoint. Somewhere in your company right now, someone is pasting a customer list into a personal ChatGPT account to clean up an email. A developer has a coding agent pointed at a repo that still has live credentials in it. Someone in marketing wired up an MCP server they found over the weekend so their assistant can pull from a CRM. None of it shows up anywhere the security team can see. That is shadow AI: people using AI tools for work faster than anyone can govern them. It is rarely reckless. The tools are genuinely useful, they are one click away, and most people have no real sense of what happens to the text they paste into them. The scale is what tends to surprise teams. A 2025 UpGuard report found that more than 80% of workers use unapproved AI tools , security professionals included, and that half use them regularly. This is not a fringe behavior at the edges of the org. It is most people, most days. What counts as shadow AI Shadow AI is any AI tool used for work without security review or central oversight. It is the AI version of shadow IT, except it moved faster and the data leaving the building is often more sensitive. It usually shows up in four shapes: Consumer chat apps used with work data: ChatGPT, Claude, and the rest, on personal accounts. AI inside the browser, where a prompt box is one tab away at all times. Coding agents in the terminal and IDE, which can read source, run commands, and touch infrastructure. MCP servers, the external tools an AI app connects to so it can read files, call APIs, and take actions. The first two leak data outward. The last two are more interesting, because they let an AI tool do things, often with whatever access the employee already has. Why it is an actual security problem, not just a policy headache The risk is not that AI is dangerou
AI 资讯
I built a Terraform security scanner that lives inside GitHub PRs
The problem IAM wildcards and public S3 buckets keep slipping through Terraform code review. Tools like Checkov and tfsec exist but they live in CI, require config files, and developers ignore the output because it's not where they're working. What I built TerraWatch is a GitHub App that scans every pull request that touches .tf files automatically. If it finds a security issue it blocks the merge and posts the exact code fix as a PR comment. The developer sees something like this in their PR: ⚠️ PUBLIC_S3_BUCKET - main.tf (Line 6) Severity: HIGH Risk: S3 bucket allows public read access. Fix: acl = "public-read" acl = "private" block_public_acls = true restrict_public_buckets = true They copy the fix, push, and the merge unblocks automatically. How it's different No YAML, no CI config - installs in 2 minutes via GitHub App Fixes are hardcoded diffs, not AI generated Nothing auto-applied - you review every fix No Checkov dependency - own lightweight rules engine Only reads changed .tf files in the PR, never your full codebase 29 rules covering S3 public access, IAM wildcards, open ports (SSH/RDP/MySQL/Postgres), unencrypted EBS/RDS, public databases, hardcoded secrets, EKS public endpoints, CloudTrail disabled, IMDSv1, and more. Try it Free during beta - terrawatch.dev Also launching on Product Hunt today if you want to show some support!
AI 资讯
HTTP vs HTTPS — What Actually Happens When You Visit a Website
By Sailee Shingare | M.S in Computer Science, Northern Illinois University Every time you visit a website, your browser and the server have a conversation. That conversation happens over a protocol — either HTTP or HTTPS. You’ve seen both in your browser’s address bar. But what’s actually different between them, and why does it matter? Let’s break it down. What is HTTP? HTTP stands for HyperText Transfer Protocol . It’s the foundation of data communication on the web — the set of rules that defines how your browser requests information and how servers respond. When you visit a website over HTTP, here’s what happens: You type a URL in your browser Your browser sends a request to the server The server sends back the webpage Your browser displays it Simple. But there’s a problem — everything is sent in plain text . Anyone sitting between you and the server can read it. Your passwords, your credit card numbers, your messages — all visible. This is where HTTPS comes in. What is HTTPS? HTTPS stands for HyperText Transfer Protocol Secure . It’s HTTP with an extra layer of security called TLS (Transport Layer Security) — previously known as SSL. The S in HTTPS means everything between your browser and the server is encrypted . Even if someone intercepts the data, they see nothing but scrambled gibberish. What Actually Happens When You Visit an HTTPS Website When you visit an HTTPS site, your browser and the server perform a TLS Handshake before any data is exchanged. Here’s what happens step by step: Step 1 — Client Hello Your browser says hello to the server and shares which encryption methods it supports. Step 2 — Server Hello The server picks an encryption method and sends back its SSL certificate — a digital document that proves the server is who it claims to be. Step 3 — Certificate Verification Your browser checks the certificate against a list of trusted authorities. If it’s valid, the connection proceeds. If not, you see a warning — “Your connection is not private.”
AI 资讯
The US government’s Anthropic models ban was never about an AI jailbreak
The Trump administration's decision that forced Anthropic to pull its latest cybersecurity models could be reactionary, retaliatory, or both, but the message is clear: The AI industry isn't immune from U.S. government interference.
AI 资讯
PyPI Supply Chain, OWASP LLM Top 10, & eBPF Cloud-Native Security
PyPI Supply Chain, OWASP LLM Top 10, & eBPF Cloud-Native Security Today's Highlights Today's security highlights include a critical new malicious PyPI package targeting developers, a comprehensive guide to the OWASP Top 10 vulnerabilities for LLM applications, and practical insights into leveraging eBPF for advanced cloud-native security monitoring. New Malicious PyPI Package 'ColorLib' Targets Developers with Info-Stealing Malware (The Hacker News) Source: https://thehackernews.com/2026/06/new-malicious-pypi-package-colorlib.html This story details the discovery of a malicious package named 'ColorLib' uploaded to the Python Package Index (PyPI). The package is designed to act as info-stealing malware, specifically targeting developers who might inadvertently incorporate it into their projects. Upon execution, the malware attempts to exfiltrate sensitive data, such as environment variables, cryptocurrency wallet details, and various credentials, from the compromised system. This incident underscores the ongoing threat of software supply chain attacks, where attackers inject malicious code into commonly used open-source repositories. Developers relying on public package managers like PyPI must exercise extreme caution and implement robust security practices, including vetting packages, using dependency scanners, and maintaining a principle of least privilege. The rapid proliferation of such attacks necessitates constant vigilance and proactive security measures to prevent widespread compromise. Comment: Developers should immediately check their requirements.txt and pip freeze output for 'colorlib' and ensure all dependencies are from trusted sources, as these attacks are increasingly common. Exploring the OWASP Top 10 for LLM Applications (The Hacker News) Source: https://thehackernews.com/2026/06/exploring-owasp-top-10-for-llm.html The Open Worldwide Application Security Project (OWASP) has released its highly anticipated Top 10 list specifically tailored for Large
AI 资讯
LiteLLM Vulnerability Chain Enables Full AI Gateway Takeover from Default Account
TL;DR what: Three chained vulnerabilities in LiteLLM AI gateway allow default low-privilege users to bypass authorization, escalate to admin, and execute arbitrary code on the server. impact: Full compromise exposes every provider API key (OpenAI, Anthropic, Azure, etc.), database credentials, decryption secrets, and all prompts and responses passing through the gateway. fix: Upgrade immediately to LiteLLM v1.83.14-stable or later, which includes complete fixes for CVE-2026-47101, CVE-2026-47102, and CVE-2026-40217. who: Any organization running LiteLLM proxy to broker AI model access, especially those with internal users or agents routing through the gateway. A critical vulnerability chain in LiteLLM, a widely deployed open-source AI gateway, allows attackers starting from a default low-privilege account to achieve full server takeover and code execution. Obsidian Security researchers disclosed the three-bug chain rated CVSS 9.9, with maintainer BerriAI shipping complete fixes in version 1.83.14-stable on May 2, 2026. LiteLLM brokers API calls to more than 100 AI model providers—OpenAI, Anthropic, Google Gemini, AWS Bedrock, Azure OpenAI, and others—behind a single OpenAI-compatible interface. Organizations deploy it as a central gateway to manage costs, enforce policies, and route requests across multiple backends. That centralized position makes it a high-value target: a compromised proxy exposes every provider key it holds, the secrets that decrypt stored credentials, and every prompt and response flowing through it. The Three-Link Chain The attack begins with CVE-2026-47101, an authorization bypass. When a regular internal_user creates a virtual API key, LiteLLM stores the caller-supplied allowed_routes field without validating it against the user's role. This field is intended to restrict what the key can access, but the proxy also treats it as a fallback authorization grant. An attacker can mint a key with allowed_routes: ["/*"], a wildcard that opens every r
AI 资讯
Your Next.js API Route Is Leaking Diagnostics in Its 400 Responses
A data export endpoint dumps system diagnostics when it hits an invalid field. Feed it garbage, read the debug output, grab the flag. A data export feature lets you pick which profile fields to download. The UI only offers valid fields through checkboxes, so everything looks locked down. But the API behind it accepts arbitrary field names -- send it one it doesn't recognize, and instead of a clean error, it dumps full system diagnostics including internal feature flags. That's where the flag is. You'll bypass the frontend, hit the endpoint directly, and read what comes back. Lab setup Start the lab: npx create-oss-store@latest Or with Docker (no Node.js required): docker run -p 3000:3000 leogra/oss-oopssec-store The app runs at http://localhost:3000 . What you're targeting The app has a profile page at /profile with a Data Export tab. It lets users download their own data in JSON or CSV by selecting fields through checkboxes ( User ID , Email , Role , Address ID ) and clicking "Export Data". The UI looks safe -- you can only pick from a fixed set of valid fields, so there's no way to submit an invalid one through the browser. But that's just client-side validation. The endpoint behind it is POST /api/user/export , and it accepts a JSON body with two parameters: { "format" : "json" , "fields" : [ "id" , "email" , "role" ] } The fields value is an array of strings. The API checks each field against an allowlist. Valid fields? You get your data back. Invalid fields? The API throws an error -- and that error says way too much. Step-by-step exploitation 1. Log in You need an authenticated session. Use one of the seeded accounts: Email: alice@example.com Password: iloveduck Log in through the UI at /login , or grab a session cookie via curl: curl -c cookies.txt -X POST http://localhost:3000/api/auth/login \ -H "Content-Type: application/json" \ -d '{"email":"alice@example.com","password":"iloveduck"}' 2. Explore the Data Export tab Go to /profile and click the Data Export
科技前沿
Users cry foul after AMD stripped memory crypto from its consumer CPUs
AMD's stripping of TSME from consumer CPUs appears to be a deliberate, covert move.
AI 资讯
The contract is clean - for now: catching crypto scams that survive launch-time checks
Most token scam detectors, including the one I work on, share one implicit assumption: the contract you analyze at launch is the contract people will trade. Read the source, simulate a buy and a sell, cluster the deployer, score it, done. That is a snapshot. And a snapshot is exactly what a patient scammer plays against. Two token designs pass every launch-time check and then turn hostile later. This is how they work, and the two on-chain techniques we shipped this week to catch them. Design 1: the delayed honeypot A honeypot is a token you can buy but cannot sell. The classic version is non-sellable from block one, so a buy-then-sell simulation catches it instantly. The patient version is sellable at launch. Early buyers sell fine, the chart looks healthy, the token earns a clean verdict from every checker that judged it at T0. Then, days later, the operator flips a switch: a timed blacklist that rejects transfers after a block height or timestamp, a setTrading(false) / pause() kill switch pulled once liquidity has accumulated, a fee setter cranked to 100% on sells. From that moment it is a honeypot. But the only verdict on record is the clean one from launch day. The detection ran once, at the worst possible time to run it. Fix: re-simulate at J7 We keep post-launch snapshots of every token at J0, J7 and J30 (originally to catch slow rugs: volume collapse, late LP burns). The new piece re-runs the full buy/sell honeypot simulation at J7, but only for tokens that were genuinely sellable at J0. A clean-to-honeypot flip is the signal: // Only for tokens sellable + tradable at J0 - a clean->honeypot flip is the point. // Bounded per run because it is RPC-heavy. const eligible = ! j0 . risk_flags . some (( f ) => J0_SKIP_RESIM_FLAGS . has ( f )); if ( rpc && eligible && resims < resimLimit ) { const isNowHoneypot = await detectLateHoneypot ( rpc , tokenAddress ); if ( isNowHoneypot ) flags . push ( " late_honeypot " ); // +40 risk at J7 } One rule we hold to: an RPC hi
AI 资讯
Cybersecurity vets protest ‘dangerous’ US government ban on Anthropic’s most powerful models
A group made up of dozens of cybersecurity experts urged the White House to remove export control restrictions on Anthropic’s models Fable and Mythos, arguing that the order is going to limit the ability of cybersecurity defenders to secure their software and products.
AI 资讯
Spring News Roundup: Point Releases of Boot, Security, Integration, Modulith and Spring AI 2.0
There was a flurry of activity in the Spring ecosystem during the week of June 8th, 2026, highlighting point releases of: Spring Boot, Spring Security, Spring Session, Spring Integration, Spring Modulith, Spring AMQP and Spring Vault; and GA releases of Spring AI 2.0 and Spring Data 2026.0.0. By Michael Redlich