DEV Community

# appsec

Application security topics beyond the web, including mobile and desktop applications.

Posts

👋 Sign in for the ability to sort posts by relevant, latest, or top.
Agentjacking: How AI Coding Agents Get Hijacked Through Their Own Tool Pipeline
coridev profile

Agentjacking: How AI Coding Agents Get Hijacked Through Their Own Tool Pipeline

#security #ai #appsec #cybersecurity
1
Comments
5 min read
LangGraph RCE Chain: How Malicious Tool Calls Escalate to Full Host Compromise
coridev profile

LangGraph RCE Chain: How Malicious Tool Calls Escalate to Full Host Compromise

#security #ai #appsec #cybersecurity
1
Comments 1
5 min read
The State of Secrets Sprawl 2026: AI-Service Leaks Surge 81% and 29M Secrets Hit Public GitHub
dwayne_mcdaniel profile

The State of Secrets Sprawl 2026: AI-Service Leaks Surge 81% and 29M Secrets Hit Public GitHub

#security #devsecops #ai #appsec
Comments
6 min read
Claude Fable 5 Was Jailbroken in 48 Hours. Here's What Actually Stopped Nothing.
coridev profile

Claude Fable 5 Was Jailbroken in 48 Hours. Here's What Actually Stopped Nothing.

#security #llm #appsec #cybersecurity
1
Comments
5 min read
AI Email Agents Are Phishable: How OpenClaw Spilled User Data to Social Engineering Attacks
coridev profile

AI Email Agents Are Phishable: How OpenClaw Spilled User Data to Social Engineering Attacks

#security #ai #llm #appsec
2
Comments
4 min read
The Invisible Breach: Why Modern Web Frameworks Aren't Immune to LFI
arashad_dodhiya_0e4bdba5a profile

The Invisible Breach: Why Modern Web Frameworks Aren't Immune to LFI

#security #webdev #appsec #cybersecurity
Comments
8 min read
OpenAI Built a Lockdown Mode Because Tool-Based Data Exfiltration Is Real — Here's What Catches It Earlier
coridev profile
Cor E

OpenAI Built a Lockdown Mode Because Tool-Based Data Exfiltration Is Real — Here's What Catches It Earlier

#security #llm #appsec #cybersecurity
1
Comments
5 min read
Python’s Private Variables Aren't Private: An AppSec Reality Check
micheaol profile

Python’s Private Variables Aren't Private: An AppSec Reality Check

#python #appsec
Comments
2 min read
Notification Hijacking: How WhatsApp and Slack Content Could Weaponize Google Gemini
coridev profile
Cor E

Notification Hijacking: How WhatsApp and Slack Content Could Weaponize Google Gemini

#security #ai #llm #appsec
1
Comments
5 min read
Hidden in Plain Sight: How Notification Prompt Injection Can Hijack Your AI Assistant
coridev profile
Cor E

Hidden in Plain Sight: How Notification Prompt Injection Can Hijack Your AI Assistant

#security #ai #appsec #cybersecurity
1
Comments
4 min read
How Meta's AI Support Bot Got Tricked Into Hijacking Instagram Accounts
coridev profile
Cor E

How Meta's AI Support Bot Got Tricked Into Hijacking Instagram Accounts

#security #ai #llm #appsec
1
Comments
5 min read
When Your Background AI Agent Becomes a C2 Server
coridev profile
Cor E

When Your Background AI Agent Becomes a C2 Server

#security #llm #appsec #cybersecurity
2
Comments
4 min read
Dangerous MCP OAuth Shortcuts are Ruining Security
obot_ai profile

Dangerous MCP OAuth Shortcuts are Ruining Security

#mcp #appsec #oauth #security
1
Comments
1 min read
GitHub RCE (CVE-2026-3854) - Deep Dive & Lessons Learned
mohamed_aboelkheir profile

GitHub RCE (CVE-2026-3854) - Deep Dive & Lessons Learned

#appsec #security #cybersecurity #design
Comments
8 min read
The Business Context Problem: Why Vulnerability Severity Scores Lie
jon_rose profile

The Business Context Problem: Why Vulnerability Severity Scores Lie

#security #cloud #devops #appsec
Comments
4 min read
👋 Sign in for the ability to sort posts by relevant, latest, or top.