NY-squared AI @NYsquaredAI ·
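Arcjet has officially released inline prompt injection defense. It is running in more than 500 production apps. The era in which defense for production AI systems comes as standard equipment. #PromptInjection #DevSec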
NY-squared AI @NYsquaredAI ·
BREAKING: 3 critical vulnerabilities in LangChain/LangGraph disclosed. CVSS 9.3 deserialization flaw leaks API keys and env secrets. 52M+ weekly downloads affected. AI framework supply chain security is no longer optional. Patch now. #AISecurity #LangChain #DevSec
CyberSecurity88 @CSec88 ·
Hot take: AI coding tools are a gift to attackers. 10× more vulnerabilities shipped. 45% vuln rate. 97.5% of orgs exposed. The bottleneck was never writing code. It was reviewing it. Nobody fixed that part. ⚠️ #DevSec #CyberSecurity
Nechiforel David Samuel @nsdhso ·
Security 101: Claude Code Access Control
cd my-project; claude (scoped)
--add-dir ./config (explicit)
--add-dir / (DANGEROUS)
.gitignore for secrets
One bad command = entire filesystem exposed. Teach security first. #ClaudeCode #DevSec
Grafana @grafana ·
🤝 Time to bridge the #DevSec divide. We've partnered with @MiggoSecurity on a joint solution that builds on production telemetry in Grafana Cloud to deliver evidence-based runtime security. grafana.com/blog/grafana-c…
Bridge the DevSec divide: Using Grafana Cloud and Miggo for runtime protection | Grafana Labs

Grafana Labs and Miggo Security have partnered on a joint solution that builds directly on production telemetry in Grafana Cloud to deliver evidence-based runtime security.

From grafana.com
Salman Aslam @xalmanaxlam ·
AI now writes 30% of code at Microsoft and ~25% at Google. But studies show AI-generated code carries 2.74x more security vulnerabilities than human-written code. Speed without review is deferred risk. Your code gates matter more now, not less. #AI #DevSec #SoftwareEngineering
Gray Hats @the_yellow_fall ·
Microsoft warns of a new campaign targeting engineers via fake Next.js technical assessments. Malware hides in VS Code tasks and npm scripts to steal secrets. #DevSec #NextJS #CyberSecurity #MicrosoftDefender #SoftwareEngineering #InfoSec #Malware securityonline.info/the-interview-…
The Interview Trap: Malicious Next.js Repositories Weaponize Coding Tests to Hack Developers

From securityonline.info
LordePlayer @LordePlayerX ·
People, be careful with these non-open source workflow automation projects. I tried @CompozyAI to test it, but before using it, I analyzed it to see where the data was going. Guess my surprise? 😲 #bigeye #bigbrother #devsec
Gabriel Abi Ramia → tubespark.ai @gabrielabiramia ·
Devs spending energy fighting over "clean" posts while handing entire repositories to Claude/Cursor without blinking. 849 upvotes complaining about spam vs 59 discussing whether third parties control when you can be hacked. Priorities, right? #ClaudeCode #Cursor #DevSec
✪ 𝕱𝖆𝖍𝖆𝖉 @fad_777 ·
The Evelyn Stealer malware exploits VS Code extensions to steal developers' credentials and cryptocurrency #Cybersecurity #Malware #DevSec thehackernews.com/2026/01/evelyn…
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

Experts reveal Evelyn Stealer malware abusing VS Code extensions to steal developer credentials, browser data, and cryptocurrency wallets on Windows.

From thehackernews.com
yama | software developer 🇯🇵 @streamtech_en ·
Heads up: 900K+ users affected by fake Chrome extensions stealing ChatGPT/DeepSeek conversations. A reminder to audit your browser extensions periodically... 🔍 #CyberSecurity #DevSec stream-tech.dev/en/media/techn…
Tech (General) Tech News (2026/01/09) | Stream Tech AI

Today's highlights focus on a significant structural shift in the software ecosystem: the decline of traditional developer communities and open-source business

From stream-tech.dev
Alexander Kazanski @alex_kazanski ·
Privacy in Copilot development: Your code isn't used to train models unless you opt in. Microsoft prioritizes data security for enterprise users. #DevSec