secure development – Experimental News Clipping Site

Docker: Unlimited access to Docker Hardened Images: Because security should be affordable, always

Oct 6, 2025

—

by

Source URL: https://www.docker.com/blog/unlimited-access-to-docker-hardened-images-because-security-should-be-affordable-always/ Source: Docker Title: Unlimited access to Docker Hardened Images: Because security should be affordable, always Feedly Summary: Every organization we speak with shares the same goal: to deliver software that is secure and free of CVEs. Near-zero CVEs is the ideal state. But achieving that ideal is harder than it sounds, because…

Wired: Vibe Coding Is the New Open Source—in the Worst Way Possible

Oct 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.wired.com/story/vibe-coding-is-the-new-open-source/ Source: Wired Title: Vibe Coding Is the New Open Source—in the Worst Way Possible Feedly Summary: As developers increasingly lean on AI-generated code to build out their software—as they have with open source in the past—they risk introducing critical security failures along the way. AI Summary and Description: Yes Summary: The text…

Cloud Blog: Agent Factory Recap: Deep Dive into Gemini CLI with Taylor Mullen

Sep 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/developers-practitioners/agent-factory-recap-deep-dive-into-gemini-cli-with-taylor-mullen/ Source: Cloud Blog Title: Agent Factory Recap: Deep Dive into Gemini CLI with Taylor Mullen Feedly Summary: In the latest episode of the Agent Factory podcast, Amit Miraj and I took a deep dive into the Gemini CLI. We were joined by the creator of the Gemini CLI, Taylor Mullen, who shared…

Unit 42: "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack

Sep 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/npm-supply-chain-attack/ Source: Unit 42 Title: "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack Feedly Summary: Self-replicating worm “Shai-Hulud” has compromised 180-plus software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and more. The post “Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack appeared first on Unit…

The Register: ‘Powerful but dangerous’ full MCP support beta for ChatGPT arrives

Sep 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/15/full_mcp_support_in_beta_chatgpt/ Source: The Register Title: ‘Powerful but dangerous’ full MCP support beta for ChatGPT arrives Feedly Summary: ‘Wow this is dangerous’ says Django dev, while others call feature a ‘game-changer’ OpenAI has added a beta of Developer mode to ChatGPT, enabling full read and write support for MCP (Model Context Protocol) tools, though…

The Register: Boffins build automated Android bug hunting system

Sep 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/04/boffins_build_automated_android_bug_hunting/ Source: The Register Title: Boffins build automated Android bug hunting system Feedly Summary: AI agent system said to have found more than 100 zero-day flaws in production apps AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to…

The Register: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/amazon_quietly_fixed_q_developer_flaws/ Source: The Register Title: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE Feedly Summary: Move along, nothing to see here Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to…

Embrace The Red: Amazon Q Developer: Remote Code Execution with Prompt Injection

Aug 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-remote-code-execution/ Source: Embrace The Red Title: Amazon Q Developer: Remote Code Execution with Prompt Injection Feedly Summary: The Amazon Q Developer VS Code Extension (Amazon Q) is a popular coding agent, with over 1 million downloads. The extension is vulnerable to indirect prompt injection, and in this post we discuss a vulnerability that…

Cloud Blog: Beyond guardrails: A taxonomy of platform engineering control mechanisms

Aug 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/application-modernization/platform-engineering-control-mechanisms/ Source: Cloud Blog Title: Beyond guardrails: A taxonomy of platform engineering control mechanisms Feedly Summary: The promise of platform engineering is to accelerate software delivery by empowering developers with self-service capabilities. However, this must be balanced with security, compliance, and operational stability, and for this, you need robust controls. But all too…

Docker: MCP Horror Stories: The GitHub Prompt Injection Data Heist

Aug 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.docker.com/blog/mcp-horror-stories-github-prompt-injection/ Source: Docker Title: MCP Horror Stories: The GitHub Prompt Injection Data Heist Feedly Summary: This is Part 3 of our MCP Horror Stories series, where we examine real-world security incidents that validate the critical vulnerabilities threatening AI infrastructure and demonstrate how Docker MCP Toolkit provides enterprise-grade protection. The Model Context Protocol (MCP)…

Tag: secure development