Lightnews — Scholar-powered news

Reposted by Kaylin Trychon

Andrew Couts @couts.bsky.social · 6d

NEW: Security researchers warn that the rise of vibe coding can lead to dangerous insecurities in the software supply chain. @lhn.bsky.social reports www.wired.com/story/vibe-c...

Vibe Coding Is the New Open Source—in the Worst Way Possible

As developers increasingly lean on AI-generated code to build out their software—as they have with open source in the past—they risk introducing critical security failures along the way.

www.wired.com

2 25 46

Kaylin Trychon @kaylintrychon.bsky.social · 6d

Where my Denver peeps at?!

Edera @edera.dev · 6d

Are you in the Denver area? The Edera team is there this week and we're holding a little hardened RUN-time. 😉
Join us for a casual 5k, with run or walk groups depending on your preferred speed.
RSVP: luma.com/joajiim7

Ivy, the pink cartoon Axolotl, dress in her running costume

1

Reposted by Kaylin Trychon

Alex Zenla 🏳️‍⚧️ @alex.zenla.io · 6d

Happy to have contributed to this article about a topic I’m passionate about!

Vibe coding is happening and it’s here, but we need to be real about what that means. It’s time to treat it seriously, and we need to know and understand the high stakes :)

www.wired.com/story/vibe-c...

Vibe Coding Is the New Open Source—in the Worst Way Possible

As developers increasingly lean on AI-generated code to build out their software—as they have with open source in the past—they risk introducing critical security failures along the way.

www.wired.com

1 2 6

Reposted by Kaylin Trychon

Lorenzo Franceschi-Bicchierai @lorenzofb.bsky.social · 9d

NEW: The predominantly English-speaking amorphous hacking group known as Scattered Spider/Lapsus$/etc has launched a website to publicize their victims and extort them.

This is the first time the group has such a public presence, indicating an escalation in their strategy.

Hacking group claims theft of 1 billion records from Salesforce customer databases | TechCrunch

The hacking group claims to have stolen about a billion records from companies, including FedEx, Qantas, and TransUnion, who store their customer and company data in Salesforce.

techcrunch.com

2 7 10

Reposted by Kaylin Trychon

Edera @edera.dev · 9d

Happy "It's October 3rd" to those who celebrate!

A Mean Girls meme, showing Lindsey Lohan thinking hard, with the caption "When someone says containers had a security boundary" And Lohan realizing "The boundary does not exist"

1 4

Kaylin Trychon @kaylintrychon.bsky.social · 9d

You can't sit with us... unless you're streaming The Life of a Showgirl on October 3rd

a woman in a pink sweater is sitting on a bed and talking to someone .

ALT: a woman in a pink sweater is sitting on a bed and talking to someone .

media.tenor.com

2

Reposted by Kaylin Trychon

Edera @edera.dev · 12d

Denver, let’s put the run in hardened runtime 🏃‍♂️

Join Edera at Sloan’s Lake on Oct 9, 7:30 AM for a friendly 5k — run or walk, all paces welcome. Stickers, water, bananas, and good company included.

RSVP luma.com/joajiim7

Hardened RUNtime 5k · Luma

Edera is coming to Denver, and we’d love to kick things off with a little hardened runtime of our own. Join us at Sloan’s Lake on Thursday, October 9th at 7:30…

luma.com

2 5

Kaylin Trychon @kaylintrychon.bsky.social · 27d

Can your software handle a smackdown?

Edera @edera.dev · 27d

LET'S GET READY TO RUNTIME RUMBLE!
edera.link/vev3bsky

1 1

Kaylin Trychon @kaylintrychon.bsky.social · Sep 11

“Security can be effectively built-in from the ground up when properly designed,” comments @edera.dev's @alex.zenla.io on Apple's latest push to eliminate memory safety bugs.

More from @lhn.bsky.social & @wired.com www.wired.com/story/apple-...

Apple’s Big Bet to Eliminate the iPhone’s Most Targeted Vulnerabilities

Alongside new iPhones, Apple released a new security architecture on Tuesday: Memory Integrity Enforcement aims to eliminate the most frequently exploited class of iOS bugs.

www.wired.com

4 4

Reposted by Kaylin Trychon

Edera @edera.dev · Aug 11

Want to learn more about what we're doing? Join our webinar with @denhamparry.co.uk on August 26th: edera.link/vev1bsky

Welcome! You are invited to join a webinar: Edera Everyday: Let The Hardened Runtime Era Begin. After registering, you will receive a confirmation email about joining the webinar.

Detection-heavy tools react too late and overwhelm teams with noise. We're launching the Hardened Runtime category—a prevention-first approach that stops breaches at the infrastructure level. Join us...

edera.link

1 4

Reposted by Kaylin Trychon

Edera @edera.dev · Aug 11

Edera Protect just won Innovation of the Year from @cyberscoop.bsky.social.

We're helping to future-proof infrastructure with no tradeoffs—near-native performance, airtight isolation, and zero workflow changes.

Ivy the pink cartoon axolotl wears a tux and holds an award that reads "Ivy". Next to her is an open envelope holding a card that reads "Cyberscoop 50 Awards"

1 3 10

Kaylin Trychon @kaylintrychon.bsky.social · Jul 24

😮‍💨😮‍💨😮‍💨

Edera @edera.dev · Jul 24

We’re declaring an end to "move fast and break things."
It’s time for security that actually prevents breaches — not just detects them after the fact.

🛡️ Introducing the Hardened Runtime:
A new category for modern, AI-powered infrastructure security.
🧵

Ivy, the pink cartoon axolotl, wears a hardhat and coveralls, hovering behind a card that says "Move Fast, Break thing" but there is a handwritten edit, a carot and "Don't" to make the message "Move fast, don't break things"

1

Reposted by Kaylin Trychon

Edera @edera.dev · Jul 22

Edera is making secure computing simple, scalable, and real.
Two @cyberscoop.bsky.social 50 nominations—one for the tech, one for the visionary behind it.
Cast your vote for Edera Protect and @alex.zenla.io :
cyberscoop.com/cyberscoop50...

1 2 5

Kaylin Trychon @kaylintrychon.bsky.social · Jul 18

Great research out of Wiz!

At @edera.dev we think a lot about how to prevent vulns like this one.

Our hardened runtime technology would have completely prevented CVE-2025-23266 by eliminating the shared kernel state that makes this container escape possible. See how: edera.dev/stories/how-...

Wiz io @wizsecurity.bsky.social · Jul 17

🚨 NEW RESEARCH: #NVIDIAscape AI vulnerability uncovered!

Wiz Research discovered a critical vulnerability (CVE-2025-23266) in the NVIDIA Container Toolkit, the glue connecting containers to GPUs across major cloud providers.

3 4

Reposted by Kaylin Trychon

The New Stack @thenewstack.io · Jul 10

A recent industry analysis reveals a major gap in AI infrastructure security between marketing hype and actual enterprise needs.

By @kaylintrychon.bsky.social, thanks to @edera.dev

AI Security Needs Better Infrastructure, Not More Tools

A recent industry analysis reveals a major gap in AI infrastructure security between marketing hype and actual enterprise needs.

bit.ly

2 4

Kaylin Trychon @kaylintrychon.bsky.social · Jul 7

"The MCP vulnerability is more than a single flaw; it highlights how deeply our development environments are becoming intertwined with AI systems that can generate, interpret and execute code autonomously."

The New Stack @thenewstack.io · Jul 7

The objective is to recognize that the power of AI tools lies in connectivity and autonomy, which also introduces systemic vulnerabilities.

MCP Vulnerability Exposes the AI Untrusted Code Crisis

The objective is to recognize that the power of AI tools lies in connectivity and autonomy, which also introduces systemic vulnerabilities.

bit.ly

1

Reposted by Kaylin Trychon

Edera @edera.dev · Jul 3

Edera's virtualization stack relies on the Xen hypervisor for securing and isolating container-based workloads. On top of that is a vital control plane, orchestrating guest lifecycles, resources, and networking.
@alex.zenla.io explains why we wrote the the Xen control plane in Rust.

Rust or Bust: Edera's Rewrite of the Xen Control Plane | Edera Blog

Discover why Edera rewrote the Xen control plane in Rust—and how memory safety gives us a real security edge in container and GPU infrastructure.

edera.dev

4 7

Reposted by Kaylin Trychon

The New Stack @thenewstack.io · Jun 26

A recent industry analysis reveals a major gap in AI infrastructure security between marketing hype and actual enterprise needs.

By @kaylintrychon.bsky.social, thanks to @edera.dev

AI Security Needs Better Infrastructure, Not More Tools

A recent industry analysis reveals a major gap in AI infrastructure security between marketing hype and actual enterprise needs.

bit.ly

2 3

Kaylin Trychon @kaylintrychon.bsky.social · Jun 24

😂

Kaylin Trychon @kaylintrychon.bsky.social · Jun 24

If you know me, you know I LOATHE FUD.

As security communicators, we have a responsibility to understand the importance of communicating the right information—information that adds real value and helps the ecosystem better defend against threats.

Had fun chatting with Matt about this.

Matt Kapko @mattkapko.com · Jun 24

Supposed experts and mainstream media have spent the past few days hyperventilating over reports of a colossal data breach that exposed more than 16 billion credentials. There’s just one inconvenient detail: evidence to support its sensational claim is lacking. cyberscoop.com/colossal-dat...

The ‘16 billion password breach’ story is a farce

Experts told CyberScoop the research 'doesn’t pass a sniff test' and detracts from needed conversations around credential abuse and information stealers.

cyberscoop.com

1 3

Reposted by Kaylin Trychon

Edera @edera.dev · Jun 23

AI security isn’t just about new tools. It’s about whether your infrastructure can handle secure AI workloads at scale.

This article from @kaylintrychon.bsky.social in @thenewstack.io breaks it down:

The real threat isn’t prompts—it's your architecture.
thenewstack.io/ai-security-...

AI Security Needs Better Infrastructure, Not More Tools

A recent industry analysis reveals a major gap in AI infrastructure security between marketing hype and actual enterprise needs.

thenewstack.io

1 3 4

Reposted by Kaylin Trychon

Ariadne Conill 🐰 @ariadne.space · Jun 20

a story in 4 parts…

securebuild: another 0 CVE image service

inspecting the bash image in their portal

4 2 10

Reposted by Kaylin Trychon

Alex Zenla 🏳️‍⚧️ @alex.zenla.io · Jun 14

I wrote some scripts to compare macOS 15.5 vs 26 in key filesystem changes, here is the output: gist.github.com/azenla/dd09b...

Looks at /Applications, /System/Library/CoreServices{,/Applications}, /System/Library/{Frameworks,PrivateFrameworks}, /usr/libexec and /bin, /usr/bin (both no changes)

macOS 15.5 vs macOS 26, key adds / removals

macOS 15.5 vs macOS 26, key adds / removals. GitHub Gist: instantly share code, notes, and snippets.

gist.github.com

1 3

Reposted by Kaylin Trychon

Edera @edera.dev · Jun 13

Okay, you know what, there's been so much popping off in Edera-land this week, that even the admin is having a hard time keeping track. From Apple basically saying "Edera is cool and right and you should listen to them", eBPF support, new docs updates, and more. So let's do a round-up, shall we?

1 5 13

Reposted by Kaylin Trychon

cloud-native @cloud-native.activitypub.awakari.com.ap.brid.gy · Jun 12

What You Need To Know About Apple’s New Container Framework At WWDC 2025, Apple announced something that will fundamentally reshape the way we think about container security: its Containerization...

#CI/CD #Containers #Security #sponsor-edera #sponsored-post-contributed

Origin | Interest | Match

What You Need To Know About Apple's New Container Framework

Starting in macOS 26, every macOS developer will have access to proper container isolation in their development workflow.

thenewstack.io

1 2