Mateus R Campos | マテウス・カンポス

58 posts

@MateusR1Campos

Java Backend | Spring Boot | Agricultural engineer

Brazil · Joined May 2025
425 Following · 15 Followers

Mateus R Campos | マテウス・カンポス retweeted
Dark Web Intelligence (@DailyDarkWeb)
🇧🇷 Brazil: Alleged BACEN Data Leak Advertised on Underground Forum

A threat actor is advertising what they claim to be a 2026 dataset associated with BACEN (Banco Central do Brasil), Brazil's Central Bank.

* The post references multiple database tables, including:
  * pessoas_juridicas_ctf
  * vw_bacen_mutuarios
  * vw_bacen_propriedade
* According to the advertisement, one of the datasets contains more than 1.4 million records.
* Sample records shown in the post appear to include:
  * Corporate identifiers (CNPJ)
  * Company names (Razão Social)
  * Business classification data
  * Geographic information
  * Property and ownership-related records
  * Borrower and financial relationship information
* The actor claims to possess structured database exports and provides example records as proof of access.
* At the time of reporting, the authenticity of the dataset and any direct connection to BACEN infrastructure have not been independently verified.
* If validated, the exposure could affect organizations, financial institutions, and entities whose information is maintained within Brazil's financial ecosystem.

Analyst Note: Because BACEN plays a central role in Brazil's banking and financial infrastructure, any confirmed compromise involving regulatory, borrower, ownership, or corporate datasets would be of significant interest to cybercriminals, fraud actors, and financial intelligence analysts. Claims involving central bank data should be treated with caution until independently verified.

#DDW #Intelligence #DarkWeb #Brazil

Mateus R Campos | マテウス・カンポス retweeted
Tibo (@thsottiaux)
I have a new kind of big button that I can press for Codex. Over the next 100 days, we will select one person per day who does impressive or incredibly useful work with Codex and give them 10X usage limits for a month to see what they can do with it. First one tomorrow.

Mateus R Campos | マテウス・カンポス retweeted
Clandestine (@akaclandestine)
http://179.209.192.156:5000 @SmartFitoficial please check

Mateus R Campos | マテウス・カンポス retweeted
madmorett, CTO da Monest (@Morett_the_best)
hey!!!!!!!! I'll answer calmly on this fine Saturday... I think it's already consensus that the bottleneck isn't shipping code, but guaranteeing the quality of the generated code and that everything generated is in line with the company's vision of the future

so how do we organize things at Monest?

everything starts in the `monest-docs` repository. in that repository, before starting any project, we write an RFC. this RFC is written by the team responsible for building the new functionality, and must be approved by 2 TLs. there is a base template with the information needed to start the project

after the RFC is approved, we use github submodules to bring that RFC context into the frontend/backend repository, and we also use the RFC as the basis for the tickets created in Linear

with the RFC spread across the codebases and used as the basis in Linear for creating the tasks, we start coding, after making sure in planning that: we are all on the same page. if we're not on the same page, congratulations, we're going to generate a hell of a lot of lines of code pointing in a direction that isn't where the company wants to go, and it will all be generated very fast

during the development cycle, our CLAUDE.md knows it needs to look in the RFC and in the Linear issue for information about the project and the feature to be built

besides that, we have a guidelines file in the codebases, each with roughly 1000 lines containing all the rules of the repository: architecture, file naming, variables, architecture rules and general syntax

claude code, reading the issue, reading the rfc, and reading the guidelines, will GO ALL OUT and code the feature and open a PR automatically

with the PR open, coderabbit, which has the same context as Claude (guidelines, rfc, etc...), will read the code and leave comments

we have a skill that sits in an infinite feedback loop taking what coderabbit wrote, evaluating whether it is a pertinent comment, and if so, applying the fix to the PR (it's funny, even though the command for the rabbit is the same as Claude's, the rabbit is very accurate when reviewing, because it has less file context)

after that, the developer's job is to "test the work generated by Claude" and steer Claude if something came out wrong

all of this happens with some guardrails, for example:
- every PR can have at most 500 lines
- every PR needs approval from the rabbit and from another dev
- we have 16 shards of automated e2e tests in total, each taking on average 10 minutes to run
- lint/tsc
- a hell of a lot of unit tests too

"why limit lines????" because we did an internal study where PRs with more than 500 lines had 4x fewer comments, and if the dev doesn't read the code, how is he going to explain to the key account how the feature works when they ask about an edge case??? so yes, I need to make sure people still READ what was generated

side metrics I look at:
- number of bug tickets per squad
- number of post mortems
- fluctuation in the golden metrics

today more than 80% of Monest's code is generated via Claude and I see no reason for that not to be 100%, but always respecting the HUMAN COGNITIVE LIMIT FOR READING CODE AND UNDERSTANDING IT

there's no point generating 39283218 features and not even knowing how to tell your customer what it actually does, what the business rules are, what can and can't be done

once the development cycle of the feature/project is done, we write an ADR, whose only purpose is to DOCUMENT the feature and state the ENTRY POINT

if you don't state the entry point, you'll ask the AI "how does feature X work", and it will wander around your codebase like a dazed cockroach trying to find where the code begins and may answer you with a LIE. by documenting the entrypoint you know exactly WHERE the thing STARTS and WHERE IT PASSES THROUGH
Matt Montenegro (@eusouomatt)

@thiarioli @Morett_the_best I wanted to understand how you handle the volume of PRs, code review, deploy, context inheritance, and also how other teams are working.

Mateus R Campos | マテウス・カンポス retweeted
Cyber Security News (@The_Cyber_News)
⚠️Critical Next.js Vulnerability Exposes Cloud Credentials, API keys, & Admin Panels Source: cybersecuritynews.com/next-js-vulner… A high-severity vulnerability in Next.js threatens self-hosted web applications with severe data breaches. Threat actors can now exploit a Server-Side Request Forgery (SSRF) flaw to silently steal cloud credentials, harvest API keys, and access sensitive internal admin panels. Organizations running self-hosted Next.js environments must patch immediately to prevent attackers from pivoting into their internal networks. The vulnerability, tracked as CVE-2026-44578, originates in how the built-in Next.js Node.js server handles WebSocket upgrade requests. #cybersecuritynews

Mateus R Campos | マテウス・カンポス retweeted
Matt Pocock (@mattpocockuk)
/improve-codebase-architecture will soon output HTML This rocks, thanks @trq212

Mateus R Campos | マテウス・カンポス retweeted
Matt Pocock (@mattpocockuk)
Long skills are such a red flag to me
- Hard to audit (and therefore, trust)
- Hard to edit (more text, harder to maintain)
- Expensive to run (more text, more tokens)

The shorter the skill, the better IMO

Mateus R Campos | マテウス・カンポス retweeted
Dave Jeffery (@DaveJ)
Ask Claude to document and describe the main flows in your app and output in a single page html + json data file. Incredibly useful for humans and the JSON file is very useful for explaining the flow to the LLM when working on new features/bugfixes.

Mateus R Campos | マテウス・カンポス retweeted
Aiden Bai (@aidenybai)
React Doctor v2 is here
Your agent writes bad React code, this catches it
Works with Next.js, Vite, React Native. Fix your app in minutes
npx react-doctor@latest

Mateus R Campos | マテウス・カンポス retweeted
Matt Pocock (@mattpocockuk)
1. /grill-with-docs
2. "Oh, I need to prototype some UI"
3. /handoff to /prototype
4. Create prototype, /handoff back to grilling session
5. /to-prd, /to-issues
6. npm run sandcastle
7. /improve-codebase-architecture

I love this shit

Mateus R Campos | マテウス・カンポス retweeted
Glaucia Lemos 🌊🤿🐠 (@glaucia_lemos86)
That's true. In the early hours this morning I was finishing a feature for a project I'm helping an NGO with and my God. When it came time to run the build, it took almost 5 minutes. This will help a lot and I'm very eager for this change!
Mohammed Makulas (@makulas1913)

TypeScript is officially abandoning JavaScript. The next release (7.0) has been completely rewritten in Go, and compile speed has increased 10x. For years, the core compiler (tsc) was written in TS itself and ran on Node.js. That was an excellent strategic decision at the start to convince developers to adopt the language, but engineering-wise? It was a nightmare for huge projects. JavaScript is by nature single-threaded, and very constrained in CPU-intensive operations. In huge projects, when the codebase exceeds a million lines, build time becomes a disaster. A developer changes one line of code in some interface and goes to make coffee until type checking finishes. The move to Go (native port) wiped out this problem completely. The game here is multi-threading. The language's compiler now uses all the CPU cores in your machine at once (via goroutines). Your large codebase is split up and analyzed in parallel. The overhead of the V8 engine has disappeared from the equation. The impact isn't only on developer comfort. In an enterprise environment, this means CI/CD pipelines on servers will finish much faster. The cloud bill for build operations will drop noticeably for companies.

Mateus R Campos | マテウス・カンポス retweeted
DHH (@dhh)
We can just decide that our world should be different. That modern JavaScript can be made with #nobuild. That SaaS services can move out of the cloud. That Apple is not the end of history.

Mateus R Campos | マテウス・カンポス retweeted
Cyber Security News (@The_Cyber_News)
👨‍💻 CVE MCP Server Turns Claude Into a Fully Capable Security Analyst With 27 Tools Source: cybersecuritynews.com/cve-mcp-server… A new open-source project called CVE MCP Server is redefining how security teams triage vulnerabilities, transforming Anthropic's Claude AI into a fully capable security analyst by giving it direct, correlated access to 27 intelligence tools spanning 21 external APIs all through a single natural-language query. The server integrates Claude with 27 security tools organized into five categories: Core Vulnerability Intelligence, Exploit & Attack Intelligence, Advanced Risk & Reporting, Network Intelligence, and Threat Intelligence. The tool catalog is extensive and immediately production-ready. #cybersecuritynews

Mateus R Campos | マテウス・カンポス retweeted
Claude (@claudeai)
Claude Security is now in public beta for Claude Enterprise customers. Claude scans your codebase for vulnerabilities, validates each finding to cut false positives, and suggests patches you can review and approve.

Mateus R Campos | マテウス・カンポス retweeted
Dark Web Informer (@DarkWebInformer)
‼️🇧🇷 Hostoo Brazil, a Brazilian shared hosting and cPanel/WHM provider, has allegedly been fully compromised, with 10 servers, 786 SSH shells, and 1.9GB+ of SQL dumps put up for sale. The breach exposes data spanning Brazilian government bodies (Câmaras Municipais), fintech, insurance, legal, health, and education sectors hosted on the provider.

‣ Threat Actor: ka1do
‣ Category: Hosting Provider Full Compromise
‣ Victim: Hostoo Brazil (hostoo.com.br)
‣ Industry: Cloud Hosting / cPanel-WHM Provider

The actor states the access was achieved via exposed MySQL on port 3306 with no IP whitelist, combined with password reuse from SSH. Multiple accounts are reported to have FILE privileges.

What's in it:

▪️ Full control over 10 shared hosting servers
▪️ 1.9GB+ of SQL dumps (29 files)
▪️ 786 SSH shell accounts with valid credentials
▪️ Access to 50+ databases
▪️ 190,848+ Brazilian CPFs
▪️ Tens of thousands of emails, names, contracts, and employee records
▪️ Government databases (licitações, contratos, funcionários, transparência)
▪️ Fintech customer databases (seguroconectado family)

Affected sectors and notable databases:

▪️ Government (Câmaras Municipais including camara ibirarema, camara muritiba)
▪️ Fintech and insurance (seguroconectado)
▪️ Casino, lottery, miscellaneous
▪️ Legal, health, and education

Mateus R Campos | マテウス・カンポス retweeted
Allyson de Paula (@DePaulaAllyson)
🚨 If you have a Linux server in production STOP everything you're doing and go update… read the CVE afterwards

This vulnerability affects the following:
🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root
🔴 Kubernetes and container clusters: one compromised pod escapes to the host
🔴 CI runners (Tekton, GitHub Actions, Gitea Runner (act_runner), GitLab, Jenkins): a malicious pull request becomes root on the runner
🔴 Cloud platforms that run user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root

Timeline:
🔴 March 23, 2026: reported to the Linux kernel security team
🔴 April 1: patch in main (commit a664bf3d603d)
🔴 April 22: CVE assigned
🔴 April 29: public disclosure
International Cyber Digest (@IntCyberDigest)

‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP.

The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years.

Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box.

The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root. Result: the next time anyone runs that program, it lets the attacker in as root.

What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk.

Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants.

The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today.

This vulnerability affects the following:
🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root
🔴 Kubernetes and container clusters: one compromised pod escapes to the host
🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner
🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root

Timeline:
🔴 March 23, 2026: reported to the Linux kernel security team
🔴 April 1: patch committed to mainline (commit a664bf3d603d)
🔴 April 22: CVE assigned
🔴 April 29: public disclosure

Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module:

    echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
    rmmod algif_aead 2>/dev/null || true

For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...

Mateus R Campos | マテウス・カンポス retweeted
Kirill (@kirillk_web3)
A SINGLE CLAUDE.md FILE JUST HIT #1 ON GITHUB TRENDING. 82,100 stars. 7.8k forks. zero dependencies. Bookmark this before you forget. And your Claude will start working differently. 4 principles. one file. Karpathy's LLM coding habits. distilled. > think before coding. > simplicity first. > surgical edits only. > goal-driven targets before starting. swap it into your CLAUDE.md today. your Claude Code becomes a different tool. Read it today. Link below. Claude → Skills → CLAUDE.md → Better Code → Better Systems → Money
Kirill (@kirillk_web3)

🚨do you understand what the Head of Anthropic Coding Agents just dropped. 30 minutes. more value than 100 paid courses. not a course. not a tutorial. how top AI researchers actually build. here's the part nobody is talking about: > real workflows. not theory. > vibe coding from the source. > how they think, build, and ship with agents. watch this before you write another prompt. before you build another agent. before you touch another tool. 30 minutes. bookmark it. watch it today. this one changes how you use AI for good.
