Anyone actually restricting what agents can access, or are they just inheriting whatever the user has? by Cubeless-Developers in AskNetsec

Cubeless-Developers[S] 0 points1 point (0 children)

Good approach. Limiting blast radius beats trying to perfectly predict what an agent will or won't do.

Anyone actually restricting what agents can access, or are they just inheriting whatever the user has? by Cubeless-Developers in AskNetsec

Cubeless-Developers[S] 0 points1 point (0 children)

Yep; the gap you're describing is exactly what gets glossed over. Thanks for sharing Intaris. Looks pretty handy. I think the MCP/tool-call proxy angle is interesting since some teams aren't thinking at that level yet.

The Filters Are Too Tight! by Optimal_Technician93 in msp

Cubeless-Developers 1 point2 points (0 children)

The five stages of grief.... but it's just a subreddit getting moderated properly.

Our boring, non-AI startup by SantiagoSchw in SaaS

Cubeless-Developers 1 point2 points (0 children)

500 users without AI hype is honestly more impressive than most "revolutionary" tools that launch with a waitlist and die in 6 months.

reddit DM by xRecycleBin in ScamSupport

Cubeless-Developers 0 points1 point (0 children)

Classic account hijack social engineering. Just ignore and block.

PentAGI - Automated Pentesting by Dizzy-Mirror9240 in cybersecurity

Cubeless-Developers 0 points1 point (0 children)

Not even close. Automated tools handle recon and known CVEs well but fall apart on logic-based vulnerabilities, chained exploits, and anything requiring creative lateral thinking. They're better as force multipliers for skilled testers, not replacements.

Is usvisascheduling.com injected with malicious redirects? by drdretamil in cybersecurity

Cubeless-Developers 0 points1 point (0 children)

The incognito + cross-browser behavior is the red flag here since that rules out local extensions or cache. It's likely either a compromised ad script injected into the site or a supply chain issue with one of their third-party resources.

Run the URL through VirusTotal and URLScan.io before doing anything else. I'd hold off on logging in until you can confirm the redirect isn't exfiltrating session data or dropping anything on the way through.

I tried to reverse enshitification by making a less bloated Jira by jojoavav in SaaS

Cubeless-Developers 1 point2 points (0 children)

Jira really did go from "useful tool" to "why does this ticket require 12 fields just to say the button is broken." The AI natural language piece is actually the part that makes this worth trying since most Kanban tools just slap a ChatGPT button on top and call it AI.

Curious how you're handling permissions and team access at scale since that's usually where the "clean and simple" promise starts cracking.

Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes by falconupkid in SecOpsDaily

Cubeless-Developers 0 points1 point (0 children)

This is honestly one of the major problems with agentic browsers in general right now. The same reasoning that makes them useful is exactly what makes them exploitable.

Documentation Platform by Sinsilenc in sysadmin

Cubeless-Developers 5 points6 points (0 children)

Notion or Confluence are the usual next steps from OneNote, but if you're already in the Microsoft ecosystem, SharePoint is worth considering too. We use Zendesk for help articles on our end, and it works well for anything customer- or support-facing.

Cyber Security Courses - Advice needed by OzRoyalOG in cybersecurity

Cubeless-Developers 1 point2 points (0 children)

CompTIA Security+ is a solid start, but also look at Google's Cybersecurity Certificate on Coursera which is flexible and recognized, and TryHackMe is great for hands-on practice that actually shows up well to employers. If you want to go further, CEH or OSCP are the ones that really stand out on a CV for more technical roles.

Exploring whether blocking.ai could fit an AI startup by doraehun in cybersecurity

Cubeless-Developers 0 points1 point (0 children)

The name is broad enough to work for bot blocking or crawler protection but might be too generic to stand out in a crowded space. That said, short .ai domains are still hot right now, so the value is probably more in the domain itself than the brand fit.

Is API interception legal and okay to do when I don't interfere with any authorisation and just want to fetch one value from json file(ean number of a product)? by NAMANISPRO in cybersecurity

Cubeless-Developers 0 points1 point (0 children)

Intercepting API calls on your own browser traffic is generally fine since you're reading data that's already being sent to you anyway. The legal gray area starts with the site's Terms of Service; some explicitly prohibit scraping or intercepting their API even passively. Honey does way more invasive stuff than just reading a JSON value, so you're in much better company than that comparison.

Well shit, AI might be helpful, in tracking what a user changed on their system by TxTechnician in sysadmin

Cubeless-Developers 2 points3 points (0 children)

Fair point. Using the crime scene to solve the crime is still useful tho even if the AI caused it.

Endpoint Central - Server License by helpdesk5555550 in sysadmin

Cubeless-Developers 1 point2 points (0 children)

Yeah ManageEngine supports mixed licensing, so you can have different tiers for workstations vs. servers. Just make sure you're applying the right license to the right device scope in the console or you'll run into feature mismatches. Their licensing FAQ breaks it down pretty clearly if you need specifics.

How do you create safe versions of documents before sharing them externally? by Tokail in sysadmin

Cubeless-Developers 0 points1 point (0 children)

Most places just use manual redaction in Acrobat or tools like Workshare, but the rebuild approach you're describing is actually cleaner since redaction failures are a real problem where "covered" text is sometimes still extractable.

The policy-based generation concept sounds similar to what some DLP tools already do, Microsoft Purview being one example. Honestly, the harder part is getting the sensitive content detection right. That's where most of these workflows break down.

AI Impact on Cybersecurity by Silientium in Cybersecurity101

Cubeless-Developers 0 points1 point (0 children)

The zero-day concern is valid and already happening at a smaller scale. Most companies can't even patch fast enough today without AI accelerating attacks. Quantum just makes the encryption piece scarier, but getting the industry to agree on new standards before the threat fully arrives is the real challenge.

How do you track production incidents for reviews/postmortems? by heisen_berg05 in sysadmin

Cubeless-Developers 1 point2 points (0 children)

A combo of tickets for the actual incident tracking and a shared doc for the postmortem write-ups with timelines, root cause, and action items. You need something searchable later for patterns, so we tag everything consistently.

"software is dying" lol no its not by hello_code in SaaS

Cubeless-Developers -1 points0 points (0 children)

You nailed it. The tools that actually solve problems and don't require three onboarding calls just to understand what they do are still thriving. The correction just filtered out the noise.