kumareshsomi

44.2K posts

kumareshsomi banner
kumareshsomi

kumareshsomi

@kumareshsomi

Dev | Engineering | Security | Netherlands | India. RT ≠ Endorsement.

Katılım Aralık 2008
728 Takip Edilen206 Takipçiler
kumareshsomi retweetledi
GitHub Changelog
GitHub Changelog@GHchangelog·
Dependabot now delays version update PRs until new releases have been available for at least three days by default. • Security update PRs open immediately without delay. github.blog/changelog/2026…
English
2
10
44
8.5K
kumareshsomi retweetledi
Socket
Socket@SocketSecurity·
🎉 npm v12 is here! Install scripts are now off by default, git and remote-URL deps no longer resolve unless you allow them, and 2FA-bypass tokens are starting to be phased out. Details → socket.dev/blog/npm-12 #nodejs
English
0
33
107
18.4K
kumareshsomi retweetledi
Tim Hopper
Tim Hopper@tdhopper·
Malicious packages steal credentials, exfiltrate data, open backdoors. And the Python CLI tools installed on your machine are as susceptible as anything. uv is starting to fix that.0 pydevtools.com/blog/uv-wants-…
English
0
1
8
790
kumareshsomi retweetledi
GitHub Changelog
GitHub Changelog@GHchangelog·
The Copilot usage metrics API now includes review cycle counts and review latency for each AI adoption phase. • Metrics show median time to first review and median review cycles for merged PRs. github.blog/changelog/2026…
English
0
4
22
3.1K
kumareshsomi retweetledi
Socket
Socket@SocketSecurity·
pnpm 11.10 adds a new _auth setting that ties each registry credential to its host, so a malicious or compromised repo file can't redirect your token to a different server. The release also hardens pnpm deploy, pack-app, and more. socket.dev/blog/pnpm-11-1…
English
0
5
25
3.3K
kumareshsomi retweetledi
Martin Fowler
Martin Fowler@martinfowler·
NEW POST Birgitta Böckeler recently spent some time trying out running local LLMs for some programming tasks. In this memo she outlines the factors that influence how viable they are for the job. martinfowler.com/articles/explo…
English
5
31
159
26.2K
kumareshsomi retweetledi
Scott Helme
Scott Helme@Scott_Helme·
It hasn't changed in over a decade, so I've just given my captive portal buster a new look! 😎 httpforever.com
English
1
4
33
3.3K
kumareshsomi retweetledi
Richard Seroter
Richard Seroter@rseroter·
"This paper catalogued five recurring MCP server architecture patterns (Resource Gateway, Tool Orchestrator, Stateful Session Server, Proxy Aggregator, and Domain-Specific Adapter) along with four anti-patterns and a set of crosscutting concerns ..." arxiv.org/abs/2606.30317
English
0
13
52
4.8K
kumareshsomi retweetledi
CloudSecurityAlliance
CloudSecurityAlliance@cloudsa·
Stashing a payload in a `.git/` folder is enough to slip past every scanner an AI coding agent marketplace runs. New research on "SkillCloak" shows self-extracting packing evaded all 8 tested scanners 90-99% of the time on ClawHub's real-world malicious skills — the code only reconstructs itself once it's already running. That "verified" badge on a Claude Code, Codex, or Cursor skill listing isn't a safety signal. Treat skill installs like supply chain risk: sandbox and monitor at runtime, don't trust the scan. labs.cloudsecurityalliance.org/research/csa-r… #AgenticAI
English
3
4
9
576
kumareshsomi retweetledi
Trail of Bits
Trail of Bits@trailofbits·
We gave GPT-5.5-Cyber a single /goal: find a specific class of bugs in zlib, the compression library used by Linux, macOS, iOS, and Git. It built a fuzzing lab in less than a day, a task that takes a skilled researcher weeks. Patch the Planet field report by Benjamin Samuels: blog.trailofbits.com/2026/07/02/fie…
English
7
47
267
21K
kumareshsomi retweetledi
Scott Helme
Scott Helme@Scott_Helme·
10 years ago, I started analysing the security of the Top 1 Million websites. Here’s the state of web cryptography after a decade of observation! scotthelme.co.uk/top-1-million-…
English
0
1
4
1K
kumareshsomi retweetledi
Daniel Cuthbert
Daniel Cuthbert@dcuthbert·
“We asked a bunch of LLMs how to synthesize cocaine, inserting fake reasoning that says it's fine because we're wearing a green shirt," A green shirt. Not a black one. A green one. theregister.com/ai-and-ml/2026…
English
1
4
15
1.8K
kumareshsomi retweetledi
GitHub Changelog
GitHub Changelog@GHchangelog·
Pull requests can now be blocked from merging if test coverage falls below set thresholds. • Set minimum coverage % or max drop from default branch • Start in evaluate mode before enforcing merge protection github.blog/changelog/2026…
English
0
19
107
14.5K
kumareshsomi retweetledi
GitHub Changelog
GitHub Changelog@GHchangelog·
Dependabot no longer infers.npmrc for npm private registries and now uses a scope property in dependabot.yml to generate the correct config. github.blog/changelog/2026…
English
0
2
30
5.3K
kumareshsomi retweetledi
GitHub Changelog
GitHub Changelog@GHchangelog·
npm adds a 72-hour read-only safeguard for high-impact accounts after sensitive changes to boost security against account takeovers. • Publishing, token management, and security-related changes pause during the safeguard period github.blog/changelog/2026…
English
0
5
53
8.4K
kumareshsomi retweetledi
Swissky
Swissky@pentest_swissky·
Benchmarking LLMs for malware triage and static unpacking with Malcat - Renaud Tabary malcat.fr/blog/benchmark…
English
0
6
13
2.2K