» Tag
security
30 postsRootless Edge Deployments: Daemonless CI/CD with Podman and Buildah
Mounting a root Docker socket in CI/CD pipelines with hardware access is a major risk. Podman and Buildah's rootless, daemonless design mitigates it.
podmanbuildahcontainerssecurityReal-World gVisor Lessons from Auditing 8,764 MCP Servers
MarketNow shares practical lessons from running gVisor sandboxing in production, backed by real audit results across 8,764 MCP servers.
gvisorfirecrackersandboxingmcpInterdict: A Postgres Safety Layer Against Rogue AI Agents
Interdict simulates risky SQL writes from AI agents before execution, measures exact blast radius, makes changes undoable, and blocks unsafe statements without human approval.
aipostgresdatabasesmcpGitLost: A Public GitHub Issue Can Leak Private Repos
GitLost shows how a public GitHub issue and a one-word prefix bypass threat detection, leaking private repo contents via Agentic Workflows.
ai-agentsprompt-injectiongithubsecurityCargo'da Symlink Açığı: CVE-2026-5223 Duyuruldu
Cargo, üçüncü taraf registry'lerden gelen tarball'lardaki symlink'leri hatalı işliyordu. Rust 1.96.0 ile düzeltilen orta seviye açığın detayları.
rustcargosecuritycvePost-quantum cryptography lands in Python with a single pip install
pyca/cryptography 48 now ships ML-KEM and ML-DSA, bringing NIST-standard post-quantum algorithms to Python. Trail of Bits explains what changes for developers and protocols.
cryptographypythonpost-quantumsecurityJadepuffer: The First Fully Autonomous LLM Ransomware
Sysdig researchers documented Jadepuffer, the first fully autonomous LLM ransomware that exploited a Langflow flaw to breach database servers.
airansomwaresecuritylangflowA Deterministic Guard Stops LLM Agents From SQL Overfetching
An open-source, LLM-free guard checks agent-generated SQL against user roles before execution, preventing text-to-SQL systems from overfetching sensitive data.
llmtext-to-sqlaccess-controlai-agentsJanuscape: 16-Year-Old UAF in KVM Shadow MMU Crashes Hosts
CVE-2026-53359 (Januscape) is a 16-year-old UAF in KVM's shadow paging code enabling guest-to-host escape; the public PoC reliably panics the host, disrupting all co-located VMs.
kvmvirtualizationlinux-kernelcveCursor Sandbox Escape Shows AI Agents Need Kernel Boundaries
Two critical bugs in Cursor's command sandbox let an attacker-controlled AI agent write outside it and reach RCE. Both are fixed in Cursor 3.0.
cursorai-agentssandboxcve