DEV Community

Diego Diaz profile picture

Diego Diaz

Systems Engineering student building Sable & AEGIS. Cybersecurity, pentesting & AI enthusiast. Coding from Dominican Republic 🇩🇴

Joined Joined on  Personal website https://sable.somoswilab.com/
Nx Console 18.95.0: How a 2.2M-Install VS Code Extension Became a Credential Stealer

Nx Console 18.95.0: How a 2.2M-Install VS Code Extension Became a Credential Stealer

Comments
3 min read
TeamPCP Breaches GitHub: 3,800 Internal Repos Exfiltrated via Poisoned VS Code Extension

TeamPCP Breaches GitHub: 3,800 Internal Repos Exfiltrated via Poisoned VS Code Extension

5
Comments
4 min read
CVE-2026-9082: Unauthenticated SQL Injection in Drupal Core Lets Attackers Execute Remote Code on PostgreSQL Sites

CVE-2026-9082: Unauthenticated SQL Injection in Drupal Core Lets Attackers Execute Remote Code on PostgreSQL Sites

5
Comments
4 min read
Chrome 146 Zero-Days: The Skia and V8 Attack Surface, 2026 Edition

Chrome 146 Zero-Days: The Skia and V8 Attack Surface, 2026 Edition

Comments
6 min read
AEGIS: Open-Source SOAR for Indie Founders

AEGIS: Open-Source SOAR for Indie Founders

Comments
9 min read
Audit a Cursor or v0-Built MVP Before You Launch

Audit a Cursor or v0-Built MVP Before You Launch

5
Comments
8 min read
The 2026 Vibe-Coder Security Checklist: 17 Items

The 2026 Vibe-Coder Security Checklist: 17 Items

5
Comments
9 min read
Cisco Patches CVSS 10.0 Flaw in Secure Workload — Unauthenticated Attackers Could Gain Site Admin via API

Cisco Patches CVSS 10.0 Flaw in Secure Workload — Unauthenticated Attackers Could Gain Site Admin via API

5
Comments
4 min read
Megalodon: How 5,561 GitHub Repositories Got Backdoored in Six Hours

Megalodon: How 5,561 GitHub Repositories Got Backdoored in Six Hours

Comments
4 min read
Crunchyroll Breach: How a Telus Supply-Chain Compromise Let Attackers In — and What to Hunt For

Crunchyroll Breach: How a Telus Supply-Chain Compromise Let Attackers In — and What to Hunt For

Comments
5 min read
The MCP Confused Deputy: Provenance Gaps, Instruction Injection, and DNS Rebinding in the Model Context Protocol

The MCP Confused Deputy: Provenance Gaps, Instruction Injection, and DNS Rebinding in the Model Context Protocol

3
Comments
7 min read
North Korea's Lazarus Group Deploys RemotePE — A Memory-Only RAT That Leaves Zero Disk Traces

North Korea's Lazarus Group Deploys RemotePE — A Memory-Only RAT That Leaves Zero Disk Traces

Comments
3 min read
CVE-2026-45659: SharePoint RCE Flaw Lets Any Site Member Execute Code Remotely

CVE-2026-45659: SharePoint RCE Flaw Lets Any Site Member Execute Code Remotely

Comments
4 min read
Iran's Nimbus Manticore Deploys AI-Assisted MiniFast Backdoor via Phishing and SEO Poisoning

Iran's Nimbus Manticore Deploys AI-Assisted MiniFast Backdoor via Phishing and SEO Poisoning

Comments
4 min read
NGINX Rift: CVE-2026-42945 — An 18-Year-Old Heap Overflow Now Under Active Exploitation

NGINX Rift: CVE-2026-42945 — An 18-Year-Old Heap Overflow Now Under Active Exploitation

Comments
4 min read
TrapDoor: 34+ Malicious Packages Hit npm, PyPI, and Crates.io in Coordinated Supply Chain Attack

TrapDoor: 34+ Malicious Packages Hit npm, PyPI, and Crates.io in Coordinated Supply Chain Attack

Comments
4 min read
Gitea Container Registry Flaw Left 30,000 Private Image Repositories Wide Open for 4 Years

Gitea Container Registry Flaw Left 30,000 Private Image Repositories Wide Open for 4 Years

3
Comments
4 min read
Free Scan or Full Pentest? A Decision Guide for Founders Shipping a Vibe-Coded MVP

Free Scan or Full Pentest? A Decision Guide for Founders Shipping a Vibe-Coded MVP

Comments
7 min read
June 2026 Patch Tuesday: An Actively-Exploited Chrome Zero-Day and a Wormable Windows RCE

June 2026 Patch Tuesday: An Actively-Exploited Chrome Zero-Day and a Wormable Windows RCE

Comments
2 min read
CVE-2026-42271: How a Popular AI Gateway Became an RCE Vector — And What to Audit in Your Stack

CVE-2026-42271: How a Popular AI Gateway Became an RCE Vector — And What to Audit in Your Stack

Comments
3 min read
UNC6508: PRC Spies Exploit REDCap Servers to Infiltrate US Medical Research for 2 Years

UNC6508: PRC Spies Exploit REDCap Servers to Infiltrate US Medical Research for 2 Years

Comments
3 min read
Oracle E-Business Suite CVE‑2026‑46817: Critical Authentication Bypass in Oracle Payments

Oracle E-Business Suite CVE‑2026‑46817: Critical Authentication Bypass in Oracle Payments

Comments
2 min read
Microsoft SharePoint Server Remote Code Execution (CVE‑2026‑45659) Actively Exploited

Microsoft SharePoint Server Remote Code Execution (CVE‑2026‑45659) Actively Exploited

Comments
3 min read
Ubiquiti UniFi Critical Flaws Exposed: CVE-2026-50746 and Companion Vulnerabilities

Ubiquiti UniFi Critical Flaws Exposed: CVE-2026-50746 and Companion Vulnerabilities

Comments
3 min read
Critical XSS Flaw in Zimbra Classic Web Client Enables Arbitrary Code Execution

Critical XSS Flaw in Zimbra Classic Web Client Enables Arbitrary Code Execution

Comments
2 min read
loading...