Top Tweets for #devsec
CrowdStrike-Google takedown of Glassworm matters: botnet targeted *developers* to poison supply chains at scale. Attack vector shifts from endpoints to the people who write the code everyone runs. Defense just got harder. #SupplyChain #DevSec
🚨 New malware campaign turns AI coding assistants into accomplices, plants hidden instructions in Cursor and Claude Code config files to steal crypto wallets, SSH keys, and cloud creds
https://t.co/Ge1QvOteiN
#SupplyChainAttack #AISecurity #DevSec
34 poisoned npm/PyPI/Crates.io packages caught stealing crypto wallets
The wild part? They hid instructions in AI coding assistant configs using zero-width Unicode to trick your copilot into leaking secrets
Your AI might be working against you
#CyberSecurity #AI #Web3 #DevSec

170 npm packages compromised in one coordinated supply chain attack - OpenAI, Mistral AI, even the European Commission got hit.
If you use TanStack Router, audit your deps NOW. Supply chain security isn't optional.
#CyberSecurity #Tech #DevSec
160 npm packages. Developer credentials on the dark web. Rotate AWS + GitHub tokens NOW if you used @tanstack on May 11 (19:20-19:42 UTC). https://t.co/hi6Gy04edk #CyberSecurity #npm #SupplyChain #DarkWeb #DevSec #GitHub
45% of AI-generated code has dangerous security vulnerabilities.
The AI doesn't get sued. You do.
The vibecoding checklist every developer needs before they ship
https://t.co/OiAPiRjey4
#VibeCoding #CyberSecurity #AICode #DevSec
Hard to fathom absolute fuckwits are out there harming people, poisoning npm packages & targeting AI coding tools.
Envy is one hell of a drug.
Who knows 🤷🏻‍♂️
#SupplyChainAttack #npm #DevSec #whatfuckwitsdo
Stay safe out there.
🚨 BREAKING: #BreakingNews Shai Hulud attack ships malicious TanStack, Mistral npm packages. Hundreds of packages across npm and PyPI compromised in supply-chain campaign delivering credential-stealing malware targeting developers. #Cybersecurity #npm #DevSec

We made Codebase Observer ECP enabled so you can now use your blueprints with any coding agent that can curl/fetch/get. No prior setup needed.
When you copy the agent link, your agent gets markdown it can navigate while you get the full blueprint UI.
Skips like 10 billion tokens of burn too just getting their bearings, and doesn't pollute your chat/coding session with a bunch of extra tools or tool responses.

1,542 Stripe webhook endpoints (~26% of 6,000 scanned) handle unsigned payment events. Attackers can script free upgrades or unpaid reservations with crafted JSON. Fix: enforce webhook signature verification using raw request bodies. #Cybersecurity #DevSec

Trust check pattern for any new devtool:
1. Who maintains it?
2. What permissions does it request?
3. Does the repo expose secrets/config?
4. Are deps pinned and current?
5. Does the website pass basic browser hardening?
Speed is great. Blind trust is how you get owned. #DevSec
GitHub's .patch URL export embeds full commit messages inline with real diffs. GNU patch parses diff-shaped text smuggled into commit messages and applies it as legitimate code. Silent code execution via .git/hooks/post-applypatch. #Cybersecurity #DevSec

🚨 BREAKING: Bitwarden CLI 2026.4.0 compromised via GitHub Actions in Checkmarx supply chain attack. Malicious package harvested credentials before removal. No end-user vault data accessed. #BreakingNews #CyberSecurity #SupplyChainAttack #DevSec

Socket Security finds 73 sleeper malware extensions in VS Code marketplace. GlassWorm campaign activates to steal data and spread malware. Trust assumed, not verified. #Cybersecurity #DevSec

🛡️ Cisco launches AI Agent Security Scanner for IDEs to help developers verify agent security before deployment. A crucial step forward in securing AI-powered development workflows. #AISecurity #DevSec https://t.co/F96nTjwC1w
claude-secrets exec -- pnpm dev
Secrets live ONLY in the child process. Not your shell history. Not parent env vars. Not ps aux output.
Inject → run → gone.
Works in package.json scripts too. Zero leak footprint.
https://t.co/4BLmm0EEwT
#ClaudeCode #DevSec
Your .claude/secrets.yml is the firewall.
No file? All MCP reads & writes: BLOCKED.
Glob 'GITHUB_*'? Only matching names visible to Claude.
Project A can't see project B's secrets. Even by accident.
Default-deny by design.
https://t.co/4BLmm0EEwT
#ClaudeCode #MCP #DevSec
The model never sees it.
input_secret opens a native macOS dialog. Value goes straight from keyboard to encrypted vault. Zero transcripts. Zero API logs. Zero plan files.
Paranoid by design.
https://t.co/4BLmm0EEwT
#ClaudeCode #MCP #AI #DevSec
3 AM. Claude needs a token.
Old way: paste in chat → logs → transcripts. Forever. 😬
New way: input_secret → native macOS dialog → value flows DIRECTLY to encrypted vault.
The model NEVER sees it.
Sleep easy 😴
https://t.co/4BLmm0EEwT
#ClaudeCode #MCP #AI #DevSec