🔗 Stories, Tutorials & Articles

Supply-chain risk of agentic AI - infecting infrastructures via skill worms

AI assistants with shell, network, or filesystem "skills" don't just help, they expose. These hooks can run commands before any human checks the model’s output. That means a bigger attack surface. More room for lateral movement. Easier persistence.
In setups where tools like Claude Code run often, it starts looking like a supply chain problem: malicious payloads creeping in through routines we trust and workflows we don’t question.

Nanoservices: Why Serverless Got Architecture Right

A fresh take on AWS Lambda and serverless: think nanoservices - tiny, isolated functions instead of chunky microservices.
No shared state or shared runtime but clean separation, lean logic, and fewer ways to screw up scaling.
Where microservices can spiral into spaghetti, nanoservices stay crisp. Each function stands alone. Easier to reason about and easier to maintain.

CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig

Wiz Research dropped details on CodeBreach, a serious flaw that cracked open AWS SDK GitHub repos, yes, including the popular JavaScript one. The root problem? Leaky regex filters in CodeBuild pipelines. They missed anchors, so attackers slipped in rogue pull requests, dodged build rules, and stole high-privilege GitHub creds.

I Cannot SSH Into My Server Anymore (And That’s Fine)

A dev ditched their $100/month VPS for a clean, automated CoreOS setup. No SSH. No clicking around. Just Ignition, Podman Quadlets, and Terraform doing the heavy lifting.
It boots from YAML, spins up containers with systemd, and keeps itself fresh with Podman auto-updates, zero-touch, straight from the registry.

Moltbot Personal Assistant Goes Viral, And So Do Your Secrets

Moltbot, the self-hosted AI agent with native hooks for Slack, Telegram, and WhatsApp, exploded from 50-ish to over 3,000 GitHub forks a day after going viral on Jan 24, 2026. It's built around a file-backed workspace and automates everything from code deploys to cloud orchestration.
Cool? Definitely. But then came the leaks.
Exposed credentials from public repos and DockerHub cracked open corporate environments. Why? Weak default configs. No secrets scanning baked in.