Fabio Cerullo

11K posts

@fcerullo

CEO @cycubix | Volunteer @owasp | Senior Instructor @isc2

Dublin, Ireland · Joined May 2007
4.5K Following · 1.8K Followers
bzrp (@bizarrap)
🇦🇷🫶🏻
The Legend Runner ⚓️🇳🇬
Marathons are addictive. I've run seven marathons so far, and it's still hell after kilometer 32. If you've run a marathon, you are absolutely incredible. It is one of the greatest achievements you can reach in a lifetime.
Fabio Cerullo (@fcerullo)
@elwatto I loved this post, Miguel. Very open-hearted and inspiring at the same time. Congratulations!
Miguel Carranza (@elwatto)
Year EIGHT as a founder CTO. 2025 felt like a decade. The year of vibe coding, Apple opening payments, almost getting acquired, saying no, scaling past 100 people, mistakes, cultural memes, and figuring out how to go long. miguelcarranza.es/cto-year-8
Carolina (@Carolina773)
I went out for a run while my daughter was at training. I'm a mix between @hatetemporuns and @esole_gonzalez. Photo for illustrative purposes, to show off the gorgeous sky.
Julián (@juliandeangeIis)
@fcerullo Local, an old Mac I had
Julián (@juliandeangeIis)
Given that I'm constantly trying out AI tools, I've only had a few 'wow' moments:
- Cursor (Feb 25)
- Claude Code (Aug 25)
- Cloud Agents + SDD + Automations (Sep-Oct 25)

and without a doubt, from the last few weeks I have a new one:
- Hermes + Obsidian + LLM Wiki (karpathy's skill)
Niamh 🇮🇪 (@irishnftgal)
Dublin Buildstation’s new intern
Fabio Cerullo (@fcerullo)
Good thread 👏 I'd add something key: in multi-tenant with a shared schema, RLS in Postgres is a great layer of defense. Relying on WHERE org_id = ? works… until there is a bug or a SQL injection.
Without RLS → you can leak data from all tenants
With RLS → the DB limits access even if the query is compromised
It doesn't replace good practices such as query parameterization, but it greatly reduces the impact.
Tomás Malamud (@tomasmalamud)
When I was getting @lapyme_ar started, I faced the question of how to handle multi-tenancy in Postgres for the companies. A few days ago a very good article from @PlanetScale came out explaining the 3 approaches:
- Shared schema: the most basic one. Same db, same schema, and in every table a `tenant_id` or `org_id` as the attribute that separates each tenant's data
- Schema-per-tenant: instead of having `public` for all tenants, you have a schema and tables for each one
- Database-per-tenant: where each tenant has its own logical database, schema, and tables

The one they recommend at @PlanetScale, and the one La Pyme uses, is the simplest: shared schema. All queries simply carry `WHERE org_id= ?`. And without RLS. All the tenant "isolation" logic lives in the application, not in the db.
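The defense-in-depth point from the exchange above, as an added example that is not part of either post: a PostgreSQL row-level security policy on a shared-schema table, applied on top of the application's own `WHERE org_id = ?`. The table `invoices`, the role `app_user` and the setting `app.current_org` are assumptions made for illustration.

```sql
-- Added example. invoices, app_user and app.current_org are hypothetical names.
CREATE TABLE invoices (
    id      bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    org_id  integer NOT NULL,
    amount  numeric(12,2) NOT NULL
);

-- Constructed sample rows for two tenants (inserted by the owner before RLS is on).
INSERT INTO invoices (org_id, amount)
VALUES (1, 100.00), (1, 250.00), (2, 999.00);

-- The application uses a role that neither owns the table nor has BYPASSRLS.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON invoices TO app_user;

ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
-- FORCE makes the policy apply to the table owner as well;
-- superusers and BYPASSRLS roles still skip it, so the app must not use one.
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;

-- current_setting(..., true) yields NULL when the setting was never set, and
-- NULLIF maps an empty value to NULL too: no tenant context means the
-- predicate is never true, so the policy fails closed.
CREATE POLICY tenant_isolation ON invoices
    USING      (org_id = NULLIF(current_setting('app.current_org', true), '')::integer)
    WITH CHECK (org_id = NULLIF(current_setting('app.current_org', true), '')::integer);

-- Per request: the tenant id comes from the authenticated session, never from
-- request input, and is scoped to the transaction (third argument = true).
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.current_org', '1', true);

-- A query whose tenant filter no longer restricts anything, as a bug or an
-- injection could leave it. The database still ANDs the policy predicate
-- into the scan, so the filter in the SQL text is not the only barrier.
SELECT id, org_id, amount FROM invoices WHERE org_id = 1 OR 1 = 1;
COMMIT;

-- A code path that forgets to set the tenant context: the policy compares
-- org_id with NULL, which matches no row for any tenant.
BEGIN;
SET LOCAL ROLE app_user;
SELECT count(*) FROM invoices;
COMMIT;
```

The `WITH CHECK` clause covers writes: an `INSERT` or `UPDATE` run as `app_user` that would leave a row with a different `org_id` than the session's tenant is rejected by the database.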
Fabio Cerullo retweeted
Brendan Falk (@BrendanFalk)
To check if your Google Workspace has been compromised by the same tool that compromised Vercel:
1. Go to admin.google.com/ac/owl/list?ta…
   - This is Google Admin Console > Security > Access and Data Control > API Controls > Manage app access > Accessed Apps
2. Filter by ID = …v79i7bbvqj.apps.googleusercontent.com
   - This is the ID of the compromised OAuth app

If you see an app after filtering, you have potentially been compromised
Fabio Cerullo retweeted
Guillermo Rauch (@rauchg)
Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called Context.ai that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments. Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration. We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel. At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community. The recommendation for all Vercel customers is to follow the Security Bulletin closely (vercel.com/kb/bulletin/ve…). My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature. 
In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback. We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance. It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.
Fabio Cerullo retweeted
Vercel (@vercel)
Our investigation has revealed that the incident originated from a third-party AI tool with hundreds of users whose Google Workspace OAuth app was compromised. We recommend that Google Workspace Administrators check for usage of this app immediately. vercel.com/kb/bulletin/ve…
Fabio Cerullo (@fcerullo)
@patomolina Pato, I'd advise you to review the logs if you have a teams account, because maybe some skill was installed by someone and that triggered the alerts
Pato Molina (@patomolina)
Anthropic decided to shut down our entire organization over a supposed violation of its terms of use. Which specific policy we violated, I don't have the slightest idea: we simply received an email and that was it, goodbye Claude. If you want to appeal the measure you have to fill out a Google Form, as ridiculous as that sounds. Suddenly more than 60 people were left without a fundamental tool for their work. Integrations, skills, conversation history: all lost or, in the best case, stalled indefinitely. A huge lesson for any software company that depends on AI tools in critical processes. You should never put all your eggs in one basket.
Pato Molina (@patomolina)

@claudeai you took down our entire organization with 60+ accounts belonging to a legitimate company for no apparent reason, without any explanations. The only way to appeal the decision is by filling out a Google Form? Very bad UX and customer service.

Valentina Luciana 🇦🇷🇮🇪
I want to believe this will be true: after almost 4 months without two sunny days in a row, now A SUNNY WEEK is coming? 🥹🥹🥹🌞🌞🌞