Topic

#Security

56 articles on Security — news, releases, guides and analysis from the SourceFeed engine.

Enforce Multi-Tenant Data Isolation with Postgres Row-Level Security

Lock down tenant data at the database layer using RLS policies, so no application bug can accidentally leak rows across tenants.

Ji-ho Choi

Inside JumpServer: Open-Source PAM for Modern Infrastructure

A self-hostable alternative to commercial PAM platforms brings browser-based access control, but its multi-component architecture requires careful management.

Article · 1d ago0

Hardening Terraform: Fixing 4 Common AWS Security Blind Spots

Default cloud configurations often prioritize convenience over security, leaving infrastructure vulnerable to automated scanning and compromise.

Article · 1d ago0

GLM 5.2 Beats Claude in Security Benchmark

Zhipu AI's open-weight model outshines proprietary giants in detecting complex access control vulnerabilities without leaking code.

Article · 2d ago6

The Missing Codex Ignore File and How to Work Around It

Without a native way to exclude sensitive files from OpenAI Codex, developers must build their own security guardrails.

Article · 2d ago5

Sovereign AI and the Death of the Single-API Monolith

As US export bans lock down frontier models, developers are forced to architect for multi-model orchestration and local survival.

Article · 3d ago1

How to Stop AI Agents From Committing Your Secrets

AI coding assistants are silently exposing credentials in git history. Here is how to lock down your local workflow.

Article · 3d ago0

Stop GitHub Copilot From Sabotaging Your Terraform Security

AI autocompletions silently introduce insecure IaC patterns that pass local validation but fail in production.

Article · 3d ago2

Dynamic Database Credentials with HashiCorp Vault: AppRole Auth and Short-Lived Postgres Secrets

Stop hardcoding database passwords. Configure Vault's AppRole auth method and database secrets engine to issue per-application, auto-expiring Postgres credentials that your app fetches at runtime and Vault cleans up automatically.

Tutorial · 3d ago0

The MCP Security Blind Spot in AI Coding Assistants

A high-severity flaw in Amazon Q Developer highlights how repository-carried configuration files are turning simple git clones into cloud compromises.

Article · 4d ago0

Miasma Proves Trusted Publishing Can Backfire Spectacularly

The self-propagating Miasma worm exploits GitHub Actions OIDC and phantom build files to turn security standards against developers.

Article · 4d ago0

Akrites Bets Open Source Security on Secrecy and Speed

A Linux Foundation coalition wants to patch the commons before AI-assisted attackers can, but the model trades transparency for a head start.

News · 4d ago1

Prompt Injection Is the Least of Your AI Security Problems

Real-world attacks reveal that while frontier models can resist linguistic trickery, your glue code and infrastructure are wide open.

Article · 4d ago1

The Client-Side Illusion: Lessons from the J&J Web App Vulnerabilities

Relying on frontend SSO flows without backend token validation is a recipe for trivial administrative takeovers.

Article · 5d ago0

The AI Auditing Wave and the End of Battle-Tested Code

As AI-driven vulnerability discovery systematically strips latent bugs from curl, developers must rethink their dependency patching strategies.

Article · 5d ago1

The distillation attack no API can fully block

Anthropic's 28.8-million-query accusation against Alibaba exposes an uncomfortable truth: when you sell model outputs, you sell the training data too.

Article · 5d ago4