Vikas Anil Sharma

Ever shipped a Supabase app and later realized some sensitive data was exposed? 😬 I've built Supaguard to help devs find PII, PCI & sensitive data before anyone else does. Try it free (2 scans) + New Year 35% off → supaguard.pro producthunt.com/products/supag…

Reverse-engineers entire design systems into Claude skills. Drop in a UI reference. It breaks down components, patterns, spacing, and styles, then turns them into reusable Claude skills you can use across projects. github.com/amaancoderx/np…

@mehulmpt Welcome! Feel free to connect - in case you need any help.

Earlier this week, I left Bangalore/India, moved to Dubai indefinitely. I can add reasons but I will skip because internet loves to lose nuance. I also considered SF/US as an option but passed on it for some other reasons. Dubai, UAE is what I hope would be my new home. 🇦🇪

10 GitHub repos so good they shouldn't be free. 1. AutoHedge An autonomous hedge fund built in Python with four AI agents: a director generates investment theses, a quant validates them, a risk manager decides position size, and an execution agent places orders. Operates live on Solana. With 'pip install -U autohedge', you can start trading immediately. repo → github.com/The-Swarm-Corp… 2. Vibe-Trading A trading system using a Directed Acyclic Graph (DAG) model, featuring 64 finance skills and 29 preset specialist agent swarms. Includes analysis methods like Ichimoku, Elliott Wave, SMC, Black-Scholes, full Greeks, and risk parity. Its crypto desk provides liquidation heatmaps and token unlock tracking. You can observe agents debating strategies in real time. repo → github.com/HKUDS/Vibe-Tra… 3. Fincept Terminal A Bloomberg Terminal replacement that runs on your laptop. CFA levels 1, 2, and 3 analytics. 20+ investor AI agents (Buffett, Dalio, Soros). 100+ data connectors, including Polygon, World Bank, and IMF. Bloomberg charges $24,000 a year. This is free. repo → github.com/Fincept-Corpor… 4. LibreChat Every model ChatGPT runs, plus Claude, Gemini, DeepSeek, and 20 more. Self-hosted. Native MCP support. You own the data, the history, the infrastructure. OpenAI charges $20/month to use their wrapper. This costs nothing to use your own. repo → librechat.ai 5. Open Higgsfield AI A self-hosted cinema studio with 200+ AI models. Flux, Midjourney, Sora, Kling, Veo, GPT-4o, SDXL all in one interface. Text to image. Image to video. Cinema mode with pro camera controls. No subscription. Your data stays local. repo → github.com/Anil-matcha/Op… 6. Open-LLM-VTuber A Live2D AI companion that runs offline, sees your screen, hears your voice, and never forgets. Inner thoughts are shown as a separate text layer, so you watch the reasoning happen before words come out. Pet mode floats it on your desktop. Swap the LLM in one config line. repo → github.com/Open-LLM-VTube… 7. Claude Ads A free Claude Code skill that runs 190 audit checks across Google, Meta, YouTube, LinkedIn, TikTok, and Microsoft Ads. 6 parallel subagents firing at once. Consolidates into a single Ads Health Score ranked by revenue impact. Agencies charge $4,000 a month for this. repo → github.com/AgriciDaniel/c… 8. Agentic Inbox Cloudflare just open-sourced an email client where an AI agent reads your inbox and drafts your replies. Runs entirely on Cloudflare Workers. Each mailbox lives in its own Durable Object. Your email never leaves your Cloudflare account. One click deploys it. repo → github.com/cloudflare/age… 9. Camofox Browser An open source headless browser that makes AI agents invisible to bot detection. Spoofs navigator properties, WebGL, AudioContext, and WebRTC at the C++ level. The browser does not look modified because it genuinely is not. Accessibility tree output drops token cost by 90%. repo → github.com/jo-inc/camofox… 10. Hyperframes HeyGen open-sourced a video framework that does everything Remotion does without React, without JSX, without teaching your AI agent a new format. The agent writes HTML. The framework renders MP4. GSAP, Lottie, and Three.js all work. Same HTML always produces the same file. repo → github.com/heygen-com/hyp… These are not toys. Each one replaces a paid product you're still being charged for. Pick one. Install it. Plug it into your workflow. 100% free. 100% open source.

AI-Powered Red Team — 28 Specialized Agents for Offensive Security 🤖🔥 Turn Claude into a full pentesting team. • 28 agents (Recon, AD, Web, Cloud, Mobile) • Auto task routing → correct agent • Real tools support (nmap, sqlmap, nuclei, BloodHound) • Recon → Exploit → Report 🔗 github.com/0xSteph/pentes… #artificialintelligence #RedTeam #Pentesting #cybersecurity #infosec

Vigolium — AI-Powered Vulnerability Scanner 🤖 Vigolium combines high-speed vulnerability scanning with AI-driven security testing. Features: • 250+ vulnerability detection modules • Active & passive scanning • OAST support (Blind XSS, SSRF, Command Injection) • OpenAPI, Postman & Burp support • Authenticated testing for IDOR/BOLA • AI-powered code auditing and finding triage • Autonomous agentic security testing A useful open-source project for pentesters, bug bounty hunters, and application security professionals. 📌 Credit:@Vigolium @j3ssie 🔗 github.com/vigolium/vigol… #CyberSecurity #Pentesting #BugBounty #AppSec #SecurityResearch

> do you understand what Claude Opus 4.8 just did to the Google job market > a senior Google engineer with 11 years of experience > stacked 32 Claude skills on top of his workflow > 8hrs → 2-3hrs per day > $95K developer vs $300K AI architect > same job. different stack. very different salary > the exact skill list is here 👇

WAIT. This is actually insane. A solo dev just won the Anthropic hackathon, shipped a working product in 8 hours with Claude Code, and walked away with $15,000. Then he open-sourced the entire stack. 153,000 stars on GitHub. Here's full setup: → 38 specialized agents (planner, security reviewer, debugger, code reviewer) → 156 skills loaded on demand (/plan, /tdd, /security-scan, /quality-gate) → 72 custom slash commands → AgentShield: 1,282 security tests across CLAUDE .md, MCP configs, hooks, skills → 3 Opus 4.6 agents running red-team pipelines (Attacker, Defender, Auditor) → Continuous learning layer that builds confidence across sessions → Coverage across 12 language ecosystems This is what Claude Code looks like when someone treats it like infrastructure instead of a chatbot.

Your email server might be vulnerable! CVE-2025-49113 allows attackers to compromise servers without authentication. hackers-arise.com/critical-remot… @three_cube @DI0256 @IamSmouk @co11ateral

⚡ scan4all: All-in-one automated vulnerability scanner for red teamers & bug bounty hunters. • Integrates nuclei, subfinder, naabu, ksubdomain & more • 15,000+ PoCs + 7,000+ web fingerprints • Supports weak password checks across 23 protocols • Smart SSL/domain correlation & automated subdomain discovery • Port scan, fuzzing, fingerprinting & vulnerability detection in one tool github.com/GhostTroops/sc… #BugBounty #Pentesting #RedTeam #CyberSecurity #Recon

people are too busy in exploring chrome, kernel and other oss CVEs, meanwhile a DOMPurify bypass was silently dropped 👀 github.com/cure53/DOMPuri…

Just came across this insanely clean browser-based pentest cheatsheet 👀 Source: anshu19981.github.io/Pentestcheatsh… 580+ pentesting commands organized for recon, privesc, AD, web testing, pivoting & more, all inside a fast terminal-style UI. No setup. No clutter. Just practical workflows ⚡ Perfect for OSCP/OSEP prep, labs, CTFs, and real-world engagements. #cybersecurity #bugbounty #pentesting #redteam #oscp

🎯 Bug Bounty Tip: Hunting on targets running Jira, Confluence, Bitbucket, Jenkins, Solr, or Nexus? Bookmark this PoC goldmine 👇 github.com/shadowsock5/Poc CVEs + payloads ready to test. Save hours of recon. #bugbounty #infosec #cybersecurity #bugbountytips

🚨 ULTIMA HORA: Claude Mythos acaba de romper un sistema de defensa de Apple valorado en 2.000 millones de dólares. No lo hizo de la manera obvia. Encontró un vector de ataque completamente distinto al que Apple tenía protegido. Los detalles son brutales: > 5 días de trabajo > Costo total: 35.000 dólares en tiempo de API > El mismo exploit en el mercado gris cuesta entre 5 y 10 millones de dólares El equipo entregó un informe de 55 páginas directamente en las oficinas de Apple. La parte que más impacta: la protección MIE de Apple funcionó exactamente como estaba diseñada. Mythos no la rompió. La rodeó, envenenando los datos que ingería el chip M5. El equipo rojo de Anthropic lo confirmó esta semana: esto no es una cuestión de recursos computacionales. Es defensa nacional.

NGINX rift: We autonomously discovered this 18 yr old heap overflow (CVE-2026-42945) in @nginx impacting version 0.6.27 to 1.30.0. If you use rewrite and set directive, you maybe impacted! Please update your NGINX or change the config to mitigate it. Read more at depthfirst.com/nginx-rift

another day, another universal linux LPE

Scans GitHub repos for AI vulnerabilities with 9,600+ patterns github.com/Pantheon-Secur…

Deepsec is a security harness for finding vulnerabilities in your codebase powered by coding agents github.com/vercel-labs/de…

💥 Introducing "Dirty Frag" A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail. No race, no panic on failure, fully deterministic. ~9 years latent. Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more. Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation. Details: dirtyfrag.io

GitHub repos with reports/writeups for bug bounty hunters: 1. HackerOne Reports github.com/reddelexc/hack… 2. Google VRP Writeups github.com/xdavidhu/aweso… 3. Facebook Bug Bounty Writeups github.com/jaiswalakshans… 4. Awesome Bugbounty Writeups github.com/devanshbatham/… 5. Daily Bugbounty Writeups github.com/securitycipher… #BugBounty #BugBountyTips #Infosec #EthicalHacking #CyberSecurity