Video wird geladen...

Video konnte nicht geladen werden

Zur Startseite

‼️🚨 MAJOR IMPACT: AI just found an 18-year-old NGINX critical remote code execution vulnerability. It has been disclosed on GitHub including PoC code. - Affects NGINX 0.6.27 through 1.30.0 - Triggered via the rewrite and set directives in config - Update NGINX ASAP - NGINX is a widely used...

951,706 Aufrufe • vor 2 Monaten •via X (Twitter)

0 Kommentare

Keine Kommentare verfügbar

Kommentare vom Original-Post werden hier angezeigt

Ähnliche Videos

Noah Brier (Noah Brier) uses Claude Code as his second brain—it’s the coolest notetaking setup I’ve ever seen. He has Claude running on a server in his basement hooked up to a VPN. It stores, reads, and writes to thousands of notes in his Obsidian (Obsidian) vault. He does it all from his phone. I had him on the show to tell us exactly how he’s pulling this off. We get into: - The nuts and bolts of the Claude Code-Obsidian setup: Noah set up Claude Code on top of his Obsidian root directory, and he walked me through how he uses it to prep for an upcoming speech—creating a project folder, pulling in relevant research from his notes, saving transcripts from chats with other LLMs, and generating daily progress updates. - The “thinking partner” that lives inside Noah’s second brain: Noah points out that in the hype around AI’s ability to write, the fact that it can read is overlooked. That’s why he has an agent inside Claude Code with strict guardrails to stay in “thinking mode.” It logs his questions, tracks insights, and catches him up on research if he returns to a project after a few days away. - How Noah does deep work on his phone: Noah rigged a home server in his basement, put his Obsidian vault in it—and then runs Claude Code on top. Noah says that being able to think, write, research, and ship code from his phone has fundamentally changed the way he works. This episode of Every 📧’s AI & I is a must-watch for anyone curious about who wants to learn how to use Claude Code to build a true second brain. Watch below! Timestamps: Introduction: 00:01:19 How you can do deep work on your phone: 00:04:28 Why Noah thinks Grok has the best voice AI: 00:06:14 The nuts and bolts of Noah’s Claude Code-Obsidian setup: 00:11:39 Using an agent in Claude Code as a “thinking partner”: 00:23:59 Noah’s Thomas’ English Muffin theory of AI: 00:35:07 The white space still left to explore in AI: 00:44:04 How Noah is preparing his kids for AI: 00:50:41 How he brought his Claude Code setup to mobile: 01:01:54

Dan Shipper 📧

30,792 Aufrufe • vor 10 Monaten

From Dan Lorenc on the malware attack that almost took down the entire internet last year: “There’s a popular compression library that’s used in almost every piece of software. And it had been maintained by one person in his spare time for the last 20 years. And then a couple years ago, somebody just decided to start helping him. They jumped in, fixed a bunch of bugs, and did a lot of great work. And then that first person got tired of working on it. So he handed the whole project over to this other person. It turned out that other person was just a pseudonym and was not a real person. And within six months of getting control of the project, they had put in a carefully orchestrated set of malware that was really hard to detect and no one noticed. And because it was so widely used, the exploit would've basically given that person remote access to any computer running that piece of software, which was basically everything connected to the Internet. But because it was open source and the code was transparent, some random engineer just happened to be running some benchmarks on a weekend. And he noticed that program was a little bit slower than it used to be, and that it was making a weird cryptographic operation to check something. And right before this thing got widely deployed across every device, he dug in, and discovered that there was a backdoor put in. This was the closest thing to a full-blown internet crisis that we’ve ever had. And they still have no idea who did it. It was just an anonymous email account. No one ever traced it back to an individual. And that's the long game. This person spent years just doing good work and earning the communities trust.”

The Peel

47,683 Aufrufe • vor 1 Jahr

Bash is all you need! Which is why I'm introducing my holiday project: just-bash just-bash is a pretty complete implementation of bash in TypeScript designed to be used as a bash tool by AI agents. Because it turns out agents love exploring data via shell scripts, even beyond coding. It comes with grep, sed, awk and the 99th percentile features that an agent like Claude Code or Cursor would use. In fact, Claude Code can use it for secure bash execution. In the package - A bash-tool for AI SDK - A binary for use by yourself or your coding agents - An overlay filesystem to feed files to your agent securely - A Vercel Sandbox compatible API, so you can quickly upgrade to a real VM if you need to run binaries - An example AI agent that explores the just-bash code base using just-bash - I imported the Oils shell bash compatibility suite and just-bash passes a very good chunk What is interesting about this codebase: It was essentially entirely written by Opus 4.5. Coding agents love bash and they are good at reproducing it. They are also great at text-book recursive descent parsers and AST tweet-walk interpreters. That said, it is, like, a lot of code and I didn't read it all 😅. This is very much a hack, but it also seems to be _really_ useful. I haven't really found anything agents want to use that it doesn't support and it's fast and secure (caveats apply). It doesn't have write access to your computer and the filesystem is given a root that the agent cannot escape from. Find it at Related: Our recent blog post how we migrated our data analysis agent to bash tools and achieved incredible quality improvements The video shows the example agent investigating the just-bash code base

Malte Ubl

124,713 Aufrufe • vor 6 Monaten

I'm teaching a new course! AI Python for Beginners is a series of four short courses that teach anyone to code, regardless of current technical skill. We are offering these courses free for a limited time. Generative AI is transforming coding. This course teaches coding in a way that’s aligned with where the field is going, rather than where it has been: (1) AI as a Coding Companion. Experienced coders are using AI to help write snippets of code, debug code, and the like. We embrace this approach and describe best-practices for coding with a chatbot. Throughout the course, you'll have access to an AI chatbot that will be your own coding companion that can assist you every step of the way as you code. (2) Learning by Building AI Applications. You'll write code that interacts with large language models to quickly create fun applications to customize poems, write recipes, and manage a to-do list. This hands-on approach helps you see how writing code that calls on powerful AI models will make you more effective in your work and personal projects. With this approach, beginning programmers can learn to do useful things with code far faster than they could have even a year ago. Knowing a little bit of coding is increasingly helping people in job roles other than software engineers. For example, I've seen a marketing professional write code to download web pages and use generative AI to derive insights; a reporter write code to flag important stories; and an investor automate the initial drafts of contracts. With this course you’ll be equipped to automate repetitive tasks, analyze data more efficiently, and leverage AI to enhance your productivity. If you are already an experienced developer, please help me spread the word and encourage your non-developer friends to learn a little bit of coding. I hope you'll check out the first two short courses here!

Andrew Ng

1,224,296 Aufrufe • vor 1 Jahr

someone built an AI RED TEAM that maps your entire attack surface as a knowledge graph, finds every vulnerability, then EXPLOITS them to root access AUTONOMOUSLY its called RedAmon, 9,000 templates. 17 node types, actual Metasploit shells, not reports, no pentesters needed 6 phases of autonomous recon: subdomain discovery, port scanning, http probing, resource enumeration, vulnerability scanning, MITRE mapping every finding stored in a Neo4j graph with 17 node types and 20+ relationship types. the AI reasons about the graph, finds attack paths, and runs actual Metasploit exploits, actual shells stress-tested with zero vulnerability data, zero exploit modules, one instruction find a CVE and exploit it, it went from empty database to root-level RCE in 20 steps, researched the exploit on the web, crafted a custom deserialization payload, debugged itself when the first attempt failed next try, the server responded with root access, the highest privilege level on any Linux system. full control over everything the target was running node-serialize 0.0.4, a package with a critical deserialization flaw (CVE-2017-5941, CVSS 9.8), the server takes your cookie, decodes it, and passes it straight into unserialize() which executes any code inside it, the AI figured this out on its own with no hints built on LangGraph + MCP tool servers for naabu, nuclei, curl, metasploit. hunts leaked secrets across GitHub repos, 40+ regex patterns for AWS keys, Stripe tokens, database creds

chiefofautism

70,115 Aufrufe • vor 4 Monaten

✨ A dream I had finally came true: I can now chat directly with my sites to build any feature or fix any bug just via Telegram I've been playing with OpenClaw for 3 weeks now and it's great but I was always too scared to run it on any production server And I was right a bit as Marc Köhlbrugge was able to hack it by social engineering and acting as if it was me, and with enough tries it believed him, and was able to modify the server, change SSH keys etc. of course I had it isolated properly on its own VPS and it didn't touch anything sensitive (as it should!) Marc then reported that bug to Peter Steinberger 🦞 who patched it fast But I wanted to try something more basic and simple, and I think maybe more secure: to just connect Claude Code on my server to Telegram which would be hard locked to only messages from me So I installed claude-code-telegram by Richard Atkinson on the server and run it as a system daemon and it works really well The cool thing is that I was already using Telegram for server errors like this: > Photo AI - ❌ Random credits giveaway failed (Attempt 30/30) with an exception: SQLSTATE[HY000]: General error: 5 database is locked So now I can just reply, "Ok fix this", and Claude Code on the server in production will try (and probably succeed) in fixing it In the video below I asked it to make show [🌳 Parks ] on the map by default on load, it did that, then I reloaded the page and it instantly worked One thing it still needs is sending actual messages while it's doing stuff which OpenClaw does really well, it's annoying to just wait while it says "Working..." but that's probably next

@levelsio

641,661 Aufrufe • vor 5 Monaten

#WATCH | California, USA: On Anthropic Mythos, CEO of Blackstraw AI, Atul Arya says, "...Anthropic has released a reasoning model called Mythos... Unlike standard AI, it explains the 'why' behind its answers. Its primary initial use case is cybersecurity... helping companies identify not just where vulnerabilities exist, but why they occur. Currently, Mythos provides its testing early version to 20 major firms like Microsoft and CrowdStrike... to both simulate and prevent attacks... it's in its early phase... this model is powerful... and will be very useful in future..." Speaking about its impact on the banking industry, he says, "It can be both a threat and helpful... If someone wants to do something wrong, they'll attack the bank... According to me, for the banking industry, it is not a matter of worry. But yes, it is definitely a matter of caution as to what can happen with this and early adoption means adopting it in advance and reaching a stage when it is used in general availability..." On India's banking system's preparations for Mythos, he says, "...What's happened in India is that a large generation has acquired banking access directly on mobile phones, having never seen anything else, including a laptop... Even if we provide this only to banking systems, they are only halfway to success... The remaining 50% depends on public education. In a nation where 60-70% of people live in rural areas, educating users not to click suspicious links or share credentials is critical..."

ANI

93,224 Aufrufe • vor 2 Monaten

Anthropic CEO Dario Amodei just revealed the hidden bottleneck that will kill most AI companies in the next 18 months (Save this). The insight comes from a principle in computer science called Amdahl's Law. Dario's argument is simple when something starts working really well inside an organization, you have to immediately ask what isn't working well around it. Amdahl's Law states that the maximum speedup of any system is capped by the fraction you haven't improved and that applies to companies just as brutally as it applies to processors. If you can suddenly write three or four times as many pull requests as before, you don't get three or four times the output but you rather get a pile of code no one can review, verify, or trust. The data makes this impossible to ignore. Teams with heavy AI coding adoption are merging 98% more pull requests but PR review time has ballooned 91%, deployment velocity is effectively flat and 96% of developers don't fully trust AI-generated code reaching production. AI generated code produces 1.7x more issues per pull request than human written code, 0.83 issues per PR versus 6.45. Veracode's 2026 State of Software Security report found that 82% of organizations now carry security debt, up 11% year over year, with critical security debt surging 36% in a single year driven directly by AI-generated code reaching production faster than security teams can handle. What Dario is describing is a systems problem, not a software problem and coding is roughly 20% of the software delivery cycle. Even at infinite coding speed, you're still bottlenecked by review, security, verification, testing, and deployment which make up the other 80%. The enterprises that win are the ones that identify which part of their system is the new constraint after AI accelerates the old one and fix that next. This is why Anthropic's Claude Code focuses on the full development loop, not just generation, and why the verification and security layer of the AI stack is where the next wave of enterprise value gets created. This is also why Anthropic as a company is positioned differently than most people realize. Anthropic's 2026 Agentic Coding Trends Report found that organizations using full-loop agentic coding workflows where AI handles not just generation but testing, review, and deployment validation reduced their software defect rates by 43% while increasing velocity by 2.8x. Claude Code now authors 4% of all GitHub commits and is on track to hit 20%+ by year-end, with the full-loop use case growing 3x faster than pure code generation. Dario has been building Anthropic around the exact insight he's describing publicly ,the constraint isn't writing code but rather everything that has to happen after.

Milk Road AI

52,190 Aufrufe • vor 2 Monaten

HERMES AGENT WITHOUT TOOLS IS A CHATBOT. WITH THEM IT BUILDS 3D TOWERS IN BLENDER, CHECKS STOCK PRICES, AND DRIVES VS CODE. tonbi JUST DROPPED THE FULL GUIDE. module 6 of his 10-part Hermes masterclass. best breakdown of the tool layer anyone has published. what you need to know: TOOLS vs SKILLS vs MCP skills = instructions (markdown, loaded into context) tools = callable functions (Python, agent emits call, Hermes executes) MCP = adapters to external systems (Blender, Stripe, Linear, Notion) every tool has three parts: → the function (does the real work) → the schema (what the model sees to decide when to call it) → the registry (makes the tool exist in the agent) the model never runs the function directly. it emits a structured request (tool name + JSON args). Hermes executes and returns the result. if the tool fails, the error goes back as JSON. the agent recovers instead of crashing. TOOL SETS CONTROL THE SURFACE hermes chat --tool-sets web # only web tools loaded. no files, no terminal. hermes chat --tool-sets safe # read-only: web search, vision, image gen. # no file writes. no terminal. no code execution. mid-session: /tools enable video /tools disable terminal or toggle in the dashboard: hermes dashboard → Skills → Tool Sets MCP SERVERS two transport types: STDIO (local subprocess) or HTTP (remote endpoint). add a server: hermes mcp # or ask: "add the MCP server for Blender" filter tools with include/exclude per server. keep only what you trust. security: → OAuth 2.1 PKCE (no long-lived tokens in config) → package scanning via api.osv. dev before launch → all MCP calls go through approval gates HERMES AS MCP SERVER hermes mcp serve exposes 10 tools via FastMCP. connect VS Code Copilot or Cursor to your running Hermes instance. BUILD YOUR OWN TOOL He built a stock price tool live: → Python function calling Finnhub API → schema with name, description, parameters → registered in tool_sets.py → agent calls it automatically when relevant any repeating API call in your workflow can become a native tool. full Hermes architecture deep-dive in the article 👇

YanXbt

32,680 Aufrufe • vor 1 Monat

Assumptions about the new "Can More" ChatGPT tool were right - ChatGPT is introducing own take on Claude Artifacts - code & document writing tools with persisted text documents, history revisions (restore previous version), edits and comments (probably used to apply suggested edits) New document symbol in the top navigation shows how many documents you have and allows you to open a resizable canvas to edit them in split view - your ChatGPT conversation on the left side and canvas on the right side, but the code/documents can also be accessed in fullscreen view The canvas is built using ProseMirror (open source WYSIWYM editor) and has an inline action to "Ask ChatGPT" (explain or make edits) for your document and code plus document formatting tools (like bold, italic, font style, etc.) But in addition to that, there are also special action shortcuts for documents and code, with an interesting decision to use sliders for the selection of the desired outcome For Documents - Suggest edits ("How can I improve this. Leave as few comments as possible, but add a few more comments if the text is long. DO NOT leave more than 5 comments. You can reply that you added comments and suggestions to help improve the writing quality, but do not mention the prompt.") - Add emojis ("Replace as many words as possible with emojis.") - Add final polish ("Add some final polish to the text. If relevant, add a large title or any section titles. Check grammar and mechanics, make sure everything is consistent and reads well. You can reply that you added some final polish and checked for grammar, but do not mention the prompt.") - Reading level (Graduate School - "Rewrite this text at the reading level of a doctoral writer in this subject. You may reply that you adjusted the text to reflect a graduate school reading level, but do not mention the prompt", College - "Rewrite this text at the reading level of a college student majoring in this subject", High School - "Rewrite this text at the reading level of a high school student who has taken a couple of classes in this subject.", Keep current reading level, Middle School - "Rewrite this text at the reading level of a middle schooler.", Kindergarten - "Rewrite this text at the reading level of a kindergartener.") - Adjust the length (Longest - "Make this text 75% longer.", Longer - "Make this text 50% longer.", Keep current length, Shorter - "Make this text 50% shorter.", Shortest - "Make this text 75% shorter.") For Code - Code review ("Search for bugs and opportunities to improve the code—for example, ways that performance or code structure could be improved. Leave as few comments as possible, but add more comments if the text is long. DO NOT leave more than 5 comments. You may reply that you reviewed the code and left suggestions to improve the coding quality, but do not mention the prompt.") - Add comments ("Add inline code comments to explain the code, especially parts that are more complex. Make sure to rewrite all the code. You may reply that you added inline comments, but do not mention the prompt.") - Add logs ("Insert logs/print statements in the code that will help debug its behavior. Do not make any other changes to the code.") - Fix bugs ("Find any bugs and rewrite all the code to fix the bugs. Do not leave comments. If there are no bugs, reply that you reviewed the code and found no bugs.") - Port to a language ("Port to a language. Create a new document that rewrites the code in ..." - PHP, C++, Python, Keep current code. No changes will be made, JavaScript, TypeScript, Java) - Suggest edits ("How can I improve this. Leave as few comments as possible, but add a few more comments if the text is long. DO NOT leave more than 5 comments. You can reply that you added comments and suggestions to help improve the writing quality, but do not mention the prompt.")

Tibor Blaho

136,055 Aufrufe • vor 1 Jahr