AppSec hates this one easy trick: x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware you're not allowed to do that!

New video on the ever evolving tj-actions attack(s) and what to do about them: youtube.com/watch?v=FofQLq…

Can't even talk about nextjs vuln because there's already a new nginx one that seems even worse: wiz.io/blog/ingress-n…

First podcast is live on cloud runtime security! pulse.latio.tech/p/latio-on-the…

Vibe hacking 😂

Is this ingress nightmare vulnerability chain omega difficult to exploit through to the RCE or am I baby brained?

Plenty of good content out there on 𝗶𝗻𝗴𝗿𝗲𝘀𝘀-𝗻𝗶𝗴𝗵𝘁𝗺𝗮𝗿𝗲 ⛈️ 😱 but I didn't think any of it really broke down in plain English what the vulnerabilities are and what your exposure is like, so I wanted to make a video showing it. youtu.be/9U222M-oAJQ

We love supply chain security! (Use openai-agents, not agent)

The Latio AI security scanner has been updated to use ✨ agentic AI ✨ so you can test the differences these approaches make: github.com/latiotech/LAST

I'm convinced about.01% of people talking about MCP clients and servers have tried making one or, even worse, getting someone to use theirs. It's gonna be a little bit before these things take off, and in my opinion it's really a race to be baked into the most popular clients.

Here's how the CVE disclosure system works and why MITRE is a big deal in it: link.excalidraw.com/l/6qFzFKIJXdd/…

New video on the potential MITRE issues youtu.be/lg60QX0FJz0

Extended the PoC of CVE-2025-32433 to test runtime tools by having it run in Kubernetes and grab environment variables github.com/latiotech/inse…

Spent two hours today troubleshooting with cursor and then finally just read the code and fixed it in 15 minutes. Vibe coding rules!

The future of AI generated LinkedIn posts isn't em dashes—it's negative-positive restatement.