Mastodawn

LangChain load() should be renamed to dangerousLoad(). It’s eval() in disguise. We’ve spent decades warning engineers about eval(). Repackaging it behind an abstraction doesn’t make it safer. Here’s why that design choice is dangerous.
https://x.com/secdim/status/2023626877315788853

#AppSec #SecureCoding
@LangChainAI

SecDim (@secdim) on X

In December 2025, CVE-2025-68665, a high-severity vuln was reported on LangChain that could result in arbitrary code execution. We investigate how it was patched. Read about it here: https://t.co/0eqfDBzWIF #appsec #langchain #securecoding #programming

X (formerly Twitter)

Pi3cH Nov 17

My jet-lagged side project: I hacked a MIFARE card and turned it into a smart business card that actually does something when you tap it + It lit-up 😎

Here is my write-up: https://pedramhayati.com/blog/hack-mifare-card-into-business-card/

Pi3cH Sep 3, 2025

Learn secure coding in your way: in your IDE using your own personalised pathway. https://secdim.com/news/secure-code-learning-right-where-you-work-secdim-mcp-14744/

Secure Code Learning Right Where You Work - SecDim MCP

Pi3cH Aug 28, 2025

AI MCP secure coding challenge. Hack like 90s https://x.com/secdim/status/1960886731009614333

SecDim (@secdim) on X

Model Context Protocols are increasingly important for LLM contexts. However, they introduce new vulnerabilities. We made challenges for them. Available for free for everyone to try for a Limited Time! 👉 Go try them out now: https://t.co/gzVtmHVLE9 #ai #appsec #securecoding

X (formerly Twitter)

Pi3cH Jul 21, 2025

Anyone interested in building Appsec/DevSecOps/Web3/AI challenges for Appsec Village? There will be prizes for top challenges. We are actively looking. Deadline is 3rd August. More info secdim.com/defcon or appsecvillage.com/ctf

Pi3cH Jun 11, 2025

Since day one @SecDim has been about making secure code learning accessible to all devs.

Now we go one step further:
⚡ Free in-repo secure coding challenges
🔓 For open source projects & volunteer-run meetups

We use OSS. We give back.
https://secdim.com/open-source/

#AppSec #SecureCoding #OpenSource

SecDim - In-Repository Secure Code Learning Wargame

Pi3cH May 28, 2025

🔥 Cooking up something fresh for @firstdotorg!
New challenge formats dropping at #FIRSTCON25 🇩🇰:
👨‍💻 Incident Response for Developers
👨‍💻Defensive CI/CD + Secure Cloud Native Apps
⚔️ Attack & Defence (Battle-Mode) Challenge
Catch us in Copenhagen 👉 https://www.first.org/conference/2025/

Pi3cH May 13, 2025

We have not even got a solution for Prompt Injection meanwhile whole new classes of AI vulnerabilities have emerged. The same new tech cycle: build, ship, profit, maybe sometime later think how to secure it https://vulnerablemcp.info #ai #security

The Vulnerable MCP Project

A community-maintained database of known vulnerabilities, limitations, and security concerns with the Model Context Protocol (MCP)

Pi3cH Apr 19, 2025

I will be hosting a hands-on secure coding and design workshop @NDC_Conferences Melbourne 2025. Come and learn how to build secure cloud native apps from the ground up and move away from duct-tape secure programming. https://secdim.com/post/?slug=ndc-melbourne-2025-fix-the-flag&id=10499 #securecoding #workshop #Australia

SecDim - Secure Coding and AppSec Blog

Pi3cH Mar 31, 2025

Busy (but epic) week ahead! I’ll be at @blackhatevents AISA, with three presentation slots on LLM "insecurity". Catch me at:
📅 Thu, 10:00–11:30, 15:00–15:20 (Theater B)
📅 Fri, 14:30–16:00 (Arsenal)
Want a free pass? here is the guide https://secdim.com/post/?slug=how-to-get-a-free-ticket-to-black-hat-conference&id=5121 #blackhatasia #LLMs