[tl;dr sec] #308 – MCP Security, AWS re:Invent Recaps, Detecting Malicious Pull Requests with AI
I hope you’ve been doing well! La Vie de Clint Some recent anecdotes from my life: I caught up with my friend David Molnar, who…
This is a predictions blog. We know, we know; everyone does them, and they can get a bit same-y. Chances are, you’re already bored with…
OpenAI and Google have more than a model problem when competing with Anthropic. Anthropic right now feels like Apple in the 2010s with the iPhone.…
Rob Samuels | 11 December 2025 at 13:09 UTC AppSec teams are under constant pressure to secure fast-moving applications without slowing anything down. But scanning…
It’s no secret that complexity is the biggest rival of safe applications. As web apps become more sophisticated, they create countless opportunities for logic flaws…
The attack landscape has been dynamic following the disclosure of the React Server Components RCE vulnerability. New information has emerged regarding the initial Proof-of-Concept exploit,…
As the year draws to a close, it’s worth pausing to look back on what has been an extraordinary year for Wallarm and, more importantly,…
This is another brilliantly written and highly misguided essay by Cory Doctorow. It demonstrates a complete lack of understanding of what AI actually is and…
I don’t mean the human labor that we do for ourselves, like washing our own dishes or cooking our own food. That’s all as natural…
I’m not the type who brags, but I have to brag about this. I guess it’s not really bragging. It’s more like validation. Anyway. I’m…
This blog explores the widespread and critical state of the React2Shell vulnerability. It provides a technical overview, suggested mitigations, and actions to safeguard people, processes,…
Tom Ryder | 05 December 2025 at 13:53 UTC Detecting React2Shell with Burp Suite React2Shell vulnerabilities in Next.js applications are now scannable across Burp Suite,…