The End of Work | Daniel Miessler
Table of Contents The feeling If you’re like me, you’ve had this strange, uneasy feeling about the job market1 for a few years now. It’s…
Category: Mix
We’re All in Fractal Microcults
I think we’re all in microcults now. Fractal microcults. Infinitely small ones. Cults of one. Not everyone, of course, but so many of the people…
![[tl;dr sec] #286 - Securing Vibe Coding, Finding Secrets "Oops Commits", Backdooring IDE Extensions](https://image.cybernoz.com/wp-content/uploads/2025/07/tldr-sec-286-Securing-Vibe-Coding-Finding-Secrets-Oops.png)
[tl;dr sec] #286 – Securing Vibe Coding, Finding Secrets “Oops Commits”, Backdooring IDE Extensions
Rules files to vibe securely, earning $25K from dangling commits, compromising the extension marketplace of Cursor, Windsurf, and other VS Code forks I hope you’ve…
What CISA’s BOD 25-01 Means for API Security and How Wallarm Can Help
The US government has taken another significant step towards strengthening cloud security with the release of CISA’s Binding Operational Directive (BOD) 25-01. Aimed at improving…
Why Prompt Engineering and Context Engineering Both Miss the Point
There’s a popular idea going around right now about renaming “prompt engineering” to “context engineering.” The argument is that context engineering better captures the true…
What the NULL?! Wing FTP Server RCE (CVE-2025-47812)
While performing a penetration test for one of our Continuous Penetration Testing customers, we’ve found a Wing FTP server instance that allowed anonymous connections. It…
![[tl;dr sec] #285 - AI Red Teaming, Detection Engineering Field Manual, Building AppSec Partnerships](https://image.cybernoz.com/wp-content/uploads/2025/06/tldr-sec-285-AI-Red-Teaming-Detection-Engineering-Field.png)
[tl;dr sec] #285 – AI Red Teaming, Detection Engineering Field Manual, Building AppSec Partnerships
Can LLMs red team AI, intro to detection engineering, how to scale security impact via cross-team partnerships I hope you’ve been doing well! At BSidesSF…
The Rise of AI-Driven API Vulnerabilities
AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against…
Dumping Cursor for VSCode + Claude Code
Don’t get me wrong—Cursor is genuinely awesome. It’s probably the best AI-native code editor ever built, with incredibly thoughtful integrations and a user experience that…
Understanding DevSecOps | HAHWUL
Sharing thoughts and approaches on DevSecOps, which integrates development (Dev), security (Sec), and operations (Ops) to embed security throughout the development lifecycle. What is DevSecOps?…
what’s best for your business?
Organizations are adopting bug bounty programs more and more as part of a layered security strategy to address the skills gap and to help their…
How to Securing GraphQL | HAHWUL
A summary of common security vulnerabilities in GraphQL and their mitigation strategies. GraphQL provides superior flexibility and efficiency compared to traditional REST APIs by allowing…