Shiva Sankar
shivasurya.bsky.social
Senior SWE @cartainc | CS UWaterloo | prev @Dropbox | Author - Code Pathfinder (http://codepathfinder.dev) - open-source AI-native static code analysis
Reposted by Shiva Sankar
New galaxies. New friends. Yoshi joins the adventure. The Super Mario Galaxy Movie is only in theaters April 1.
January 25, 2026 at 2:13 PM
Issue #16 of AppSec Weekly

🪏 CodeBreach: AWS CodeBuild misconfiguration → full SDK takeover
🪏 Google weaponizes Net-NTLMv1 with rainbow tables
🪏 OpenCode CVSS 10.0 RCE (unauthenticated localhost server)
🪏 Svelte ecosystem: 5 CVEs DoS + XSS
🪏 Handling shell secrets without leaking to /proc
#AppSec
January 21, 2026 at 2:01 AM
Issue #15 of AppSec Weekly 🛡️

🪓 6-bug chain → pre-auth RCE in LogPoint SIEM
🪓 PassSeeds: hijacking passkeys for crypto beyond WebAuthn
🪓 Tailscale kills default TPM encryption
🪓 Malicious VS Code extensions in the wild
🪓 Notion AI prompt injection exfiltration
🪓 npm staged publishing post

#AppSec
January 11, 2026 at 3:43 AM
Started publishing weekly roundups of what's happening in #AppSec

🪏 MongoDB CVE that hit self-hosted instances
🪏 tokenless CSRF making it into OWASP guidance
🪏 OpenPGP implementation bugs.
🪏 LangChain CVE-2025-68664
🪏 TruffleHog's JWT liveness checks.

appsecweekly.net/p/issue-14-a...

#DevSecOps
Issue #14 - AppSec Weekly - Jan 2026 🛡️
Your go-to source for the latest in application security trends, tools, and insights from the first week of January 2026
appsecweekly.net
January 2, 2026 at 2:44 AM
Hello bluesky 🦋!
December 2, 2024 at 6:16 PM