DEV Community

Diego Diaz profile picture

Diego Diaz

Systems Engineering student building Sable & AEGIS. Cybersecurity, pentesting & AI enthusiast. Coding from Dominican Republic 🇩🇴

Joined Joined on  Personal website https://sable.somoswilab.com/
Next.js API Security Vulnerabilities: The 10 Most Common Findings (2026)

Next.js API Security Vulnerabilities: The 10 Most Common Findings (2026)

Comments
6 min read
¿Qué es el Pentesting? Guía Completa 2026 para Startups

¿Qué es el Pentesting? Guía Completa 2026 para Startups

Comments
5 min read
Supabase Security Checklist 2026: 15 Checks Esenciales para ProducciĂłn

Supabase Security Checklist 2026: 15 Checks Esenciales para ProducciĂłn

Comments
5 min read
Startup Security Audit Checklist 2026: 50 Checks Before You Ship

Startup Security Audit Checklist 2026: 50 Checks Before You Ship

Comments
5 min read
CVE-2026-32202: APT28 Exploits Incomplete Windows Patch to Steal NTLM Hashes Zero-Click

CVE-2026-32202: APT28 Exploits Incomplete Windows Patch to Steal NTLM Hashes Zero-Click

Comments
3 min read
Penetration Testing for Startups in 2026: The Complete Founder's Guide

Penetration Testing for Startups in 2026: The Complete Founder's Guide

Comments
8 min read
CVE-2026-23918: Apache HTTP/2 Double-Free Flaw Lets Attackers Crash Servers and Potentially Execute Remote Code

CVE-2026-23918: Apache HTTP/2 Double-Free Flaw Lets Attackers Crash Servers and Potentially Execute Remote Code

Comments
4 min read
Ivanti EPMM CVE-2026-6973 RCE Is Under Active Exploit — Patch by Sunday

Ivanti EPMM CVE-2026-6973 RCE Is Under Active Exploit — Patch by Sunday

Comments
4 min read
I scanned 100 vibe-coded apps. 73 had a BOLA.

I scanned 100 vibe-coded apps. 73 had a BOLA.

Comments
6 min read
The 8-item security checklist no one tells indie devs

The 8-item security checklist no one tells indie devs

Comments
6 min read
Dirty Frag: Chained Linux Kernel Flaws Give Root on Every Major Distribution

Dirty Frag: Chained Linux Kernel Flaws Give Root on Every Major Distribution

Comments
4 min read
How BOLA killed my MVP (and what I wish I'd done before launch)

How BOLA killed my MVP (and what I wish I'd done before launch)

Comments
5 min read
Fake OpenAI Repo on Hugging Face Delivered Rust Infostealer to 244,000 Developers

Fake OpenAI Repo on Hugging Face Delivered Rust Infostealer to 244,000 Developers

Comments
4 min read
Two Critical CVEs Hit Hugging Face: TGI DoS (CVE-2026-0599) and LeRobot Unauthenticated RCE (CVE-2026-25874)

Two Critical CVEs Hit Hugging Face: TGI DoS (CVE-2026-0599) and LeRobot Unauthenticated RCE (CVE-2026-25874)

Comments
5 min read
Exim CVE-2026-45185 — Unauthenticated RCE in the World's Most Deployed Mail Server

Exim CVE-2026-45185 — Unauthenticated RCE in the World's Most Deployed Mail Server

1
Comments
3 min read
Hackers Used AI to Build a Zero-Day That Bypasses Two-Factor Authentication — Google Stopped It

Hackers Used AI to Build a Zero-Day That Bypasses Two-Factor Authentication — Google Stopped It

Comments
4 min read
Mini Shai-Hulud Worm Hits 172 npm Packages — Including TanStack, Mistral AI, and Guardrails AI

Mini Shai-Hulud Worm Hits 172 npm Packages — Including TanStack, Mistral AI, and Guardrails AI

Comments
3 min read
Microsoft Patches 138 Vulnerabilities: Netlogon and DNS RCE Flaws Lead May Update

Microsoft Patches 138 Vulnerabilities: Netlogon and DNS RCE Flaws Lead May Update

Comments
4 min read
Hugging Face Double CVE: TGI DoS and LeRobot RCE Expose AI Infrastructure

Hugging Face Double CVE: TGI DoS and LeRobot RCE Expose AI Infrastructure

Comments
4 min read
NGINX Rift: 18-Year-Old Heap Overflow Lets Attackers Hijack One-Third of the Web

NGINX Rift: 18-Year-Old Heap Overflow Lets Attackers Hijack One-Third of the Web

Comments
3 min read
PraisonAI Auth Bypass Was Scanned 4 Hours After Disclosure — And It's an AI Agent Framework

PraisonAI Auth Bypass Was Scanned 4 Hours After Disclosure — And It's an AI Agent Framework

Comments
4 min read
Microsoft Patch Tuesday 2026: 622 Fixes Including Two Actively‑Exploited Zero‑Days

Microsoft Patch Tuesday 2026: 622 Fixes Including Two Actively‑Exploited Zero‑Days

Comments
2 min read
Claw Chain: Four OpenClaw Vulnerabilities Expose 245,000 AI Agent Servers to Data Theft

Claw Chain: Four OpenClaw Vulnerabilities Expose 245,000 AI Agent Servers to Data Theft

Comments
3 min read
Cisco SD-WAN Auth Bypass CVE-2026-20182 Added to CISA KEV — Patch by May 17

Cisco SD-WAN Auth Bypass CVE-2026-20182 Added to CISA KEV — Patch by May 17

Comments
3 min read
Microsoft Exchange OWA Zero-Day CVE-2026-42897 Exploited via Crafted Emails

Microsoft Exchange OWA Zero-Day CVE-2026-42897 Exploited via Crafted Emails

Comments
3 min read
Turla Upgrades Kazuar Backdoor Into Modular P2P Botnet

Turla Upgrades Kazuar Backdoor Into Modular P2P Botnet

Comments
3 min read
Grafana GitHub Token Theft: Codebase Downloaded, Ransom Rejected

Grafana GitHub Token Theft: Codebase Downloaded, Ransom Rejected

Comments
3 min read
Microsoft Dismantles Fox Tempest: The $9K Malware-Signing Service Behind Ransomware's Trust Exploit

Microsoft Dismantles Fox Tempest: The $9K Malware-Signing Service Behind Ransomware's Trust Exploit

Comments
4 min read
Nx Console 18.95.0: How a 2.2M-Install VS Code Extension Became a Credential Stealer

Nx Console 18.95.0: How a 2.2M-Install VS Code Extension Became a Credential Stealer

Comments
3 min read
TeamPCP Breaches GitHub: 3,800 Internal Repos Exfiltrated via Poisoned VS Code Extension

TeamPCP Breaches GitHub: 3,800 Internal Repos Exfiltrated via Poisoned VS Code Extension

5
Comments
4 min read
CVE-2026-9082: Unauthenticated SQL Injection in Drupal Core Lets Attackers Execute Remote Code on PostgreSQL Sites

CVE-2026-9082: Unauthenticated SQL Injection in Drupal Core Lets Attackers Execute Remote Code on PostgreSQL Sites

5
Comments
4 min read
Chrome 146 Zero-Days: The Skia and V8 Attack Surface, 2026 Edition

Chrome 146 Zero-Days: The Skia and V8 Attack Surface, 2026 Edition

Comments
6 min read
AEGIS: Open-Source SOAR for Indie Founders

AEGIS: Open-Source SOAR for Indie Founders

Comments
9 min read
Audit a Cursor or v0-Built MVP Before You Launch

Audit a Cursor or v0-Built MVP Before You Launch

5
Comments
8 min read
The 2026 Vibe-Coder Security Checklist: 17 Items

The 2026 Vibe-Coder Security Checklist: 17 Items

5
Comments
9 min read
Cisco Patches CVSS 10.0 Flaw in Secure Workload — Unauthenticated Attackers Could Gain Site Admin via API

Cisco Patches CVSS 10.0 Flaw in Secure Workload — Unauthenticated Attackers Could Gain Site Admin via API

5
Comments
4 min read
Megalodon: How 5,561 GitHub Repositories Got Backdoored in Six Hours

Megalodon: How 5,561 GitHub Repositories Got Backdoored in Six Hours

Comments 1
4 min read
Crunchyroll Breach: How a Telus Supply-Chain Compromise Let Attackers In — and What to Hunt For

Crunchyroll Breach: How a Telus Supply-Chain Compromise Let Attackers In — and What to Hunt For

Comments
5 min read
The MCP Confused Deputy: Provenance Gaps, Instruction Injection, and DNS Rebinding in the Model Context Protocol

The MCP Confused Deputy: Provenance Gaps, Instruction Injection, and DNS Rebinding in the Model Context Protocol

3
Comments
7 min read
North Korea's Lazarus Group Deploys RemotePE — A Memory-Only RAT That Leaves Zero Disk Traces

North Korea's Lazarus Group Deploys RemotePE — A Memory-Only RAT That Leaves Zero Disk Traces

Comments
3 min read
CVE-2026-45659: SharePoint RCE Flaw Lets Any Site Member Execute Code Remotely

CVE-2026-45659: SharePoint RCE Flaw Lets Any Site Member Execute Code Remotely

Comments
4 min read
Iran's Nimbus Manticore Deploys AI-Assisted MiniFast Backdoor via Phishing and SEO Poisoning

Iran's Nimbus Manticore Deploys AI-Assisted MiniFast Backdoor via Phishing and SEO Poisoning

Comments
4 min read
NGINX Rift: CVE-2026-42945 — An 18-Year-Old Heap Overflow Now Under Active Exploitation

NGINX Rift: CVE-2026-42945 — An 18-Year-Old Heap Overflow Now Under Active Exploitation

Comments
4 min read
TrapDoor: 34+ Malicious Packages Hit npm, PyPI, and Crates.io in Coordinated Supply Chain Attack

TrapDoor: 34+ Malicious Packages Hit npm, PyPI, and Crates.io in Coordinated Supply Chain Attack

Comments
4 min read
Gitea Container Registry Flaw Left 30,000 Private Image Repositories Wide Open for 4 Years

Gitea Container Registry Flaw Left 30,000 Private Image Repositories Wide Open for 4 Years

3
Comments
4 min read
Free Scan or Full Pentest? A Decision Guide for Founders Shipping a Vibe-Coded MVP

Free Scan or Full Pentest? A Decision Guide for Founders Shipping a Vibe-Coded MVP

Comments
7 min read
June 2026 Patch Tuesday: An Actively-Exploited Chrome Zero-Day and a Wormable Windows RCE

June 2026 Patch Tuesday: An Actively-Exploited Chrome Zero-Day and a Wormable Windows RCE

Comments
2 min read
CVE-2026-42271: How a Popular AI Gateway Became an RCE Vector — And What to Audit in Your Stack

CVE-2026-42271: How a Popular AI Gateway Became an RCE Vector — And What to Audit in Your Stack

Comments
3 min read
UNC6508: PRC Spies Exploit REDCap Servers to Infiltrate US Medical Research for 2 Years

UNC6508: PRC Spies Exploit REDCap Servers to Infiltrate US Medical Research for 2 Years

Comments
3 min read
Oracle E-Business Suite CVE‑2026‑46817: Critical Authentication Bypass in Oracle Payments

Oracle E-Business Suite CVE‑2026‑46817: Critical Authentication Bypass in Oracle Payments

Comments
2 min read
Microsoft SharePoint Server Remote Code Execution (CVE‑2026‑45659) Actively Exploited

Microsoft SharePoint Server Remote Code Execution (CVE‑2026‑45659) Actively Exploited

Comments
3 min read
Ubiquiti UniFi Critical Flaws Exposed: CVE-2026-50746 and Companion Vulnerabilities

Ubiquiti UniFi Critical Flaws Exposed: CVE-2026-50746 and Companion Vulnerabilities

Comments
3 min read
Critical XSS Flaw in Zimbra Classic Web Client Enables Arbitrary Code Execution

Critical XSS Flaw in Zimbra Classic Web Client Enables Arbitrary Code Execution

Comments
2 min read
loading...