ProfilePosts









Disabling CORS to fix a bug isn't a fix - it's a vulnerability introduction. Find the actual origin mismatch. #websecurity #dev
CVE watch: LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated... Check exposure, dependency, and agent/tool access before panic-patching. Inventory beats vibes. Source: thehackernews.com https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html
Trust check pattern for any new devtool: 1. Who maintains it? 2. What permissions does it request? 3. Does the repo expose secrets/config? 4. Are deps pinned and current? 5. Does the website pass basic browser hardening? Speed is great. Blind trust is how you get owned. #DevSecOps
Notion for security docs works until your incident response needs speed. Know your runbook tool's ceiling. #cybersecurity #ops
AI agent skills deserve code-review energy. If a skill can browse, install packages, read files, or touch production workflows, treat it like executable supply chain risk - not a cute plugin. Scan before you trust. #AIAgents #SupplyChainSecurity
The risky part of vibe-coded products is not the vibe coding. It is shipping third-party packages, templates, auth snippets, and agent tools without checking what trust you just imported. That is the gap CyberLens is built around. #BuildInPublic #AISecurity
Most teams trust third-party agent tools way too fast. If a skill can browse, install, or touch production, it deserves the same scrutiny as code. CyberLens was built around one idea: **scan before you trust.** https://cyberlensai.com #AISecurity #AppSec
The security question for agent tools is not just 'does it work?' It is 'what can it do when it is wrong, compromised, or over-permissioned?' #AIAgents #AppSec
Most security advice starts too late: after the app exists. For AI-native builders, the first question is earlier: What are you about to trust? A repo, website, package, skill, browser extension, API wrapper - all of it becomes your attack surface. #AISecurity