Corti.com

Sign in Subscribe

EvilTokens: An AI-Driven Device Code Attack Compromising Microsoft Businesses

EvilTokens: An AI-Driven Device Code Attack Compromising Microsoft Businesses

A new class of identity attacks is rapidly scaling across enterprises: AI-augmented device code phishing, operationalized through phishing-as-a-service (PhaaS) platforms like EvilTokens. Microsoft and multiple security vendors have confirmed that these attacks are now widespread and highly effective, compromising organizations daily by abusing legitimate authentication flows rather than exploiting vulnerabilities.

AI Agent Traps: When the Web Becomes the Attack Surface for Autonomous Agents

AI Agent Traps: When the Web Becomes the Attack Surface for Autonomous Agents

Autonomous AI agents are quickly moving beyond chat. They browse the web, read documents, call tools, retrieve knowledge, send messages, and increasingly act on behalf of users and organizations. That shift creates a new security problem: the environment itself can become hostile. That is the core argument in AI Agent

Working Beyond the Desk: Using the M5 Apple Vision Pro as a High-Brightness External Display that works on the Balcony on a Sunny Day

Working Beyond the Desk: Using the M5 Apple Vision Pro as a High-Brightness External Display that works on the Balcony on a Sunny Day

I recently upgraded from the first-generation Apple Vision Pro to the new Apple Vision Pro M5 because even if this device and MR/VR in general gets a lot of bad press, it has fundamentally changed how I think about “where work happens.” Most coverage of spatial computing still focuses

Apple Vision Pro in Switzerland: How to Use It Well in an Unsupported Country

Apple Vision Pro in Switzerland: How to Use It Well in an Unsupported Country

Apple Vision Pro is portable by design, and Apple explicitly positions it as a device you can use at home, at work, and while traveling. But there is a practical difference between traveling with Vision Pro and living in a country where Apple does not officially sell or support it.

HVE Core for VS Code: Turning GitHub Copilot into a Structured Engineering System. A Practical Guide

HVE Core for VS Code: Turning GitHub Copilot into a Structured Engineering System. A Practical Guide

AI-assisted engineering becomes much more valuable when it is constrained by process, standards, and reusable workflows. That is exactly where HVE Core for VS Code stands out. Rather than treating GitHub Copilot as a generic chat assistant or code completion engine, Hypervelocity Engineering (HVE) Core turns it into a more

Why Running Redis in a Local Docker Container Is a Smart Move for Developers

Why Running Redis in a Local Docker Container Is a Smart Move for Developers

Modern development is increasingly service-driven. Even small apps often depend on infrastructure components like databases, caches, queues, and session stores. Redis fits naturally into that world because it is fast, simple, and broadly useful for caching, session management, and real-time analytics. Running Redis locally in Docker makes it even more

AI Is Not Converging. It Is Being Orchestrated.

AI Is Not Converging. It Is Being Orchestrated.

For the last two years, the dominant question in AI has been deceptively simple: which model will win? That question made sense when the market was still trying to understand whether large language models were a novelty, a feature, or a platform shift. It makes less sense now. After a

From scanners to reasoning: how LLMs and agent harnesses can improve code security

From scanners to reasoning: how LLMs and agent harnesses can improve code security

Better models matter, but better harnesses may matter more. The future of AI-assisted security is evidence, validation, and human-guided judgment. A year ago, a team at Microsoft explored an idea that felt promising but still a little early: using an AI agent to go beyond vulnerability scanning and perform deeper

AI Hijacking via Open-Source Agent Tooling: A Five-Layer Attack Anatomy

AI Hijacking via Open-Source Agent Tooling: A Five-Layer Attack Anatomy

The threat landscape for AI-assisted development environments has quietly expanded beyond the attack surfaces that traditional security tooling is designed to cover. While conventional supply chain attacks target compiled binaries or runtime dependencies, a new class of attack targets something far more subtle: the behavioral configuration layer of AI coding

Building an AI-Powered Birthday Calendar with FastAPI and Vanilla JavaScript

Building an AI-Powered Birthday Calendar with FastAPI and Vanilla JavaScript

A full-stack self-hosted app with email reminders, AI based gift suggestions, and zero framework overhead on the frontend. Why Build a Birthday Calendar? I kept forgetting birthdays. Not the big ones, those are hard to miss, but the colleague whose birthday is next Tuesday, or the friend who always remembers

AI-Powered 3D Printing: From Text to STL with Meshy and OpenClaw

AI-Powered 3D Printing: From Text to STL with Meshy and OpenClaw

How I taught my AI assistant to generate 3D-printable models from simple text descriptions The Problem I've been 3D printing for years, but there's always been a gap in my workflow: organic shapes are hard. Sure, I can design a technical items, holders, brackets or enclosure

Claude-Mem: Persistent Memory for AI Coding Assistants

Claude-Mem: Persistent Memory for AI Coding Assistants

How an open-source plugin gives Claude Code the ability to remember your entire development history TL;DR claude-mem is an open-source memory system for Claude Code that automatically captures your coding sessions, compresses them with AI, and injects relevant context into future sessions. Think of it as giving Claude a

Optimizing Linux VM Performance: The Ultimate Guide to Swap Configuration

Optimizing Linux VM Performance: The Ultimate Guide to Swap Configuration

How to add the right amount of swap space to your Linux based VM for maximum reliability without sacrificing performance. TL;DR - Quick Reference Table VM RAM Recommended Swap Use Case Command 4GB 2GB (50%) Development, light AI workloads sudo fallocate -l 2G /swapfile 8GB 2-4GB (25-50%) Production apps,

Anthropic Cowork: AI Desktop Automation for Knowledge Workers

Anthropic Cowork: AI Desktop Automation for Knowledge Workers

Anthropic's Claude Code has been transforming how developers work, but many users discovered something unexpected: it's incredibly useful for non-coding tasks too. People started using it for vacation research, building slide decks, organizing files, and managing emails. Anthropic took notice and built Cowork — a desktop AI

Building a Kanban Board with My AI Assistant (Moltbot/Clawdbot): A Collaborative Development Story

Building a Kanban Board with My AI Assistant (Moltbot/Clawdbot): A Collaborative Development Story

What happens when you ask your AI assistant to build a full-stack web application from scratch, deploy it to production, and then start using it together? This post documents exactly that — a real-time collaborative development session that resulted in a working Kanban board in under an hour. The Request It

Clawdbot: The Open Source AI Assistant Revolution

Clawdbot: The Open Source AI Assistant Revolution

There's a growing divide in the tech world right now. As Shruti Mishra pointed out after spending 40 hours researching Clawdbot: "It's who knows about tools like Clawdbot and who doesn't. I'm watching people work 60 hour weeks doing what I

Building CatPaws: A macOS App That Protects Your Work from Curious Cats

Every cat owner who works from home knows the struggle: you're deep in concentration, crafting the perfect email or debugging complex code, when suddenly your feline friend decides that your keyboard is the most desirable spot in the entire house. The result? Random characters flooding your document, accidentally

CVE-2025-55182 “React2Shell” Threat and Mitigations

CVE-2025-55182 “React2Shell” Threat and Mitigations

CVE-2025-55182, nicknamed React2Shell, is a critical security vulnerability (CVSS 10.0) affecting React Server Components (RSC) and related frameworks like Next.js. It stems from an unsafe deserialization flaw in the RSC Flight protocol, which handles server payloads. When a server receives a specially crafted request, the payload is deserialized

AI Assisted Spec-Driven Development with GitHub Spec Kit

AI Assisted Spec-Driven Development with GitHub Spec Kit

Unlocking Precise AI-Assisted Engineering Workflows AI coding assistants like Copilot, Claude Code, or Gemini CLI excel at pattern generation. But left to free-form prompting they often produce code that looks right yet misinterprets intent, architecture, or edge cases. Spec-Driven Development (SDD) reframes this by making specifications the first-class artifact in

Bringing PetLibro Smart Feeders to Apple Home: Building a Homebridge Plugin

Bringing PetLibro Smart Feeders to Apple Home: Building a Homebridge Plugin

A deep dive into reverse-engineering a pet feeder API and building a Homebridge plugin to integrate it with Apple's HomeKit ecosystem. Introduction If you're a smart home enthusiast with pets, you've probably noticed a gap: many smart pet devices don't support Apple

Publishing to the Open Social Web with Ghost (ActivityPub Explained)

Publishing to the Open Social Web with Ghost (ActivityPub Explained)

The modern internet is shifting back toward open, decentralized protocols where publishers retain control over distribution and audience relationships. Ghost’s Social Web feature brings this vision to life by integrating the ActivityPub protocol into its core publishing platform. In this post, we’ll unpack what this means, how it

Running Ghost CMS with Docker, Tinybird Analytics, ActivityPub and a Clean nginx + Caddy Split

Running Ghost CMS with Docker, Tinybird Analytics, ActivityPub and a Clean nginx + Caddy Split

Ghost’s new Docker-based installation approach significantly modernizes how a production Ghost instance can be deployed. It introduces first-class web analytics via Tinybird, native ActivityPub support for the social web, and a clean, composable service architecture that works very well with container orchestration. This site you are looking at is

Never miss that Chat again: Building a Physical Notification Light for Microsoft Teams with Python and a Luxafor USB Flag

Never miss that Chat again: Building a Physical Notification Light for Microsoft Teams with Python and a Luxafor USB Flag

Never miss an important Teams message again—even when you're heads-down in work or away from your desk. The Problem Remote work has made staying on top of communication essential, but constantly watching Microsoft Teams can be distracting. What if you could get a visual indicator that works

From Prompt to Print: Creating Custom 3D-Printable Objects with Gemini, AI Reconstruction, and Bambu Studio

From Prompt to Print: Creating Custom 3D-Printable Objects with Gemini, AI Reconstruction, and Bambu Studio

Generative AI has reached a point where you can go from a simple idea to a fully printable 3D object with surprisingly little manual modeling. This post walks through my end-to-end workflow for creating custom, 3D-printable objects starting from a text prompt, using a mix of generative AI, 3D reconstruction,

Mailrise: Bridging Legacy SMTP Alerts to Modern Notifications with Docker and Apprise

Mailrise: Bridging Legacy SMTP Alerts to Modern Notifications with Docker and Apprise

Mailrise solves exactly this problem: it acts as an SMTP-to-modern-notifications bridge powered by Apprise, allowing anything that can send an email to notify you via Slack (and many other services). In this post, I’ll walk through: * Running Mailrise with Docker * Configuring Slack as a notification target * Sending messages from