20 hours ago · Tech

Yesterday, I opened Discord to a message from my friend Bastian Allgeier that I had never quite seen in all the years I’ve been building sites with his Kirby CMS. “Today we are releasing our biggest security release in the last 14+ years,” Bastian wrote. “The last few weeks have been intense, to say the least. We received 8 reports within just a couple of days.” Six of those eight security reports turned out to be valid vulnerabilities. The resulting Kirby 5.4.0 release ships with a list of advisories that reads less like a changelog and more like a triage report. Nothing critical, nothing exploited in the wild, luckily – but for a small team that has been quietly maintaining a beautifully designed CMS for more than a decade, this is unlike anything they’ve had to deal with before. And Kirby is far from alone. A few weeks ago, Anthropic’s red team described how their large language model Claude Opus, pointed at a handful of open source projects, autonomously found and validated more…
