North Korean hackers poisoned 140+ npm packages of an AI framework — the Mastra attack and what it teaches
Microsoft attributed to North Korea a supply-chain attack that poisoned 140+ npm packages of the Mastra AI framework. The trick: hijack a maintainer account and inject a decoy package (easy-day-js, mimicking dayjs) whose postinstall downloaded a credential and crypto-wallet stealer. I explain how it works — and how to harden your dependencies.
npm
Supply Chain
AI
388 Read
Security / Guide
How to back up your website (and why your host's backup isn't enough)
Almost everyone trusts their host's 'automatic backup' — until the day the server goes down and takes the backup with it. I explain the 3-2-1 rule, what really belongs in a backup (files + database), how to automate it, and — the step almost no one does — how to test the restore before you actually need it.
Backup
Hosting
WordPress
205 Read
Dev / Project
Building a professional site without coding: why I built Vitriny (and how you can try it today)
I used to send website prototypes over WhatsApp to small businesses — and watched half of them vanish before closing. Instead of selling prototype by prototype, I turned the idea into a tool: Vitriny, a builder where clinics, salons and professionals create their own premium site in minutes, no coding. I tell the story, show how it works, and leave you the live demo to try now.
Vitriny
Micro-SaaS
Sites
273 Read
Security / News
A LiteSpeed flaw lets a neighbor on your shared host become 'root' — and reach your site (CVE-2026-54420)
CISA confirmed active attacks on the LiteSpeed cPanel plugin: with any FTP or web-shell access, an attacker escalates to root on the server — and on shared hosting that means reaching every neighbor's site, including yours. I explain what 'tenant breakout' is, who's in the crosshairs, and a checklist of what to ask your host (and what to harden on your side).
Hosting
LiteSpeed
cPanel
374 Read
Security / Guide
How to prevent form spam without CAPTCHA (Honeypot and Time-trap)
reCAPTCHA stops bots, but kills conversion and annoys real users. Learn how to protect your forms using the Honeypot and Time-trap methods, with clean, copy-pasteable code for your site.
Security
Forms
Anti-Spam
591 Read
Dev / Project
How much does a prompt cost? I ran the numbers for 8 AI models and show where the money goes
Most people pick an AI model out of habit — and overpay for it. I built PromptTools: paste your prompt, it estimates tokens, compares costs across 8 models, and projects your spend by volume. All in the browser, no API calls, no signup.
PromptTools
LLM
Cost
461 Read
Security / Project
How to know if your password is truly strong (the math that 'password tips' ignore)
Senha123! has uppercase, a number and a symbol — and cracks in seconds. The problem is that 'password tips' measure shape, not true strength. PassGuard calculates entropy with human-pattern detection (word+suffix, keyboard sequences, years) and shows crack time across three attack speeds.
Password
Security
Entropy
440 Read
Dev / News
The US government forced Anthropic to shut down its most advanced models — and the lesson for AI builders
In June 2026, Anthropic's Fable 5 and Mythos 5 went offline at the US government's request. If you build products with AI, the episode raises an uncomfortable question: what happens when the model you depend on disappears? The technical answer is simpler than it sounds.
AI
Anthropic
Regulation
944 Read
Security / News
Google detected the first AI-created zero-day used in a real attack — what changes for website owners
Google Threat Intelligence reported something unprecedented: a group used AI to find and exploit a zero-day in SQLite in a real attack. The AI wasn't the attacker — it was the accelerator. The window between a vulnerability appearing and being exploited just got shorter. What does this mean in practice?
Zero-day
AI
Security
225 Read
Security / Guide
HTTP security headers: what each one does and how to activate them on your server (free generator)
HTTPS protects the channel — but it doesn't tell the browser how to behave inside the page. Clickjacking, XSS, and Referer leaks happen even with the green padlock. I explain the 7 headers that matter most and give you a generator that produces ready-to-paste Apache or Nginx config.
HTTP Headers
Apache
Nginx
898 Read
Security / Guide
Website security: the practical guide to protecting yours (no panic)
Most hacked sites didn't fall to an evil genius — they fell to an outdated plugin, a weak password, or carelessness. Here are the threats that most often take small-business sites down, and a layered plan to close the doors — with the guides and tools for each part.
Security
WordPress
LGPD
879 Read
Tools / Project
Freelancer contract: the template that protects your payment (free, in the browser)
I've been stiffed, I've done endless revisions, and I've watched clients vanish mid-project — every time the deal lived 'in the chat'. So I built a free contract generator, 100% in your browser, with the 4 clauses that actually protect a freelancer's pay. I'll walk you through each one with the real pain it solves.
Freelancer
Contracts
Payment
703 Read
Tools / Project
Shorten links, generate QR codes, build UTMs and a link-in-bio — all in one place (free)
I keep hearing the same vent from people running marketing: the link is huge and ugly, nobody knows how many clicked, the UTM is a mess and the flyer's QR code measures nothing. I put it all into one free tool — shorten, QR codes, UTMs, link-in-bio, and the clicks behind each one.
Link in bio
QR Code
UTM
640 Read
Dev / News
Tech layoffs in 2026: is AI really behind them? (and what you should do)
The 2026 tech layoffs are real — 150,000+ professionals. But the 'AI will replace every dev' narrative is more complicated than it looks. My read of the data (Layoffs.fyi, CNBC, Crunchbase) and what a developer should actually do now.
Market
AI
Career
447 Read
Dev / Project
How to generate an ER diagram from SQL (no install, no account, with security audit)
I inherited a database with zero documentation: raw schema, no diagram, no idea if there were security flaws or LGPD issues. Insight solves this in the browser — paste the SQL, get the diagram, the security audit, and the ready-made model code.
Database
SQL
ER Diagram
680 Read
Tools / Project
How to send a large file for free (no signup, no email limit, doesn't expire in 7 days)
Email caps at 25MB, WeTransfer slaps ads and expires in 7 days, WhatsApp compresses everything. I built AirBridge: Sala mode (P2P direct between devices, never touches the server) and Cofre mode (temp link that self-destructs in 60 minutes). Free, no signup.
AirBridge
Files
P2P
813 Read
Security / Project
How to manage vulnerabilities without a spreadsheet (the tracker that calculates severity from CVSS)
Managing pentest findings in a spreadsheet ends badly: no clear priority, ignored SLA, lost ownership, manual reports. VulnGuard calculates severity and SLA from CVSS automatically, tracks the triage workflow and exports PDF reports. Free public demo, no signup.
VulnGuard
Pentest
CVSS
403 Read
Tools / Project
How to transcribe audio to text for free (Whisper in the browser, file never leaves your PC)
Manually transcribing audio is slow, services that 'upload' your file put it on someone's server, and most charge. AudioWriter runs Whisper directly in the browser — your file never leaves your computer. Exports .txt or .srt with timestamps.
AudioWriter
Whisper
Transcription
830 Read
Security / News
A plugin with eval() is hijacking WordPress sites: the Everest Forms case and how to protect yours
A critical flaw (CVSS 9.8) in the Everest Forms Pro plugin lets anyone run PHP on your server — and attacks spiked in May. The bug is textbook: user input flowing straight into eval(). I show how it works and a 5-minute checklist to harden your WordPress.
WordPress
Security
PHP
346 Read
Tools / Guide
What AI Skills are — and how to build your own (with 4 ready-made skills to download)
Lots of people are confused about AI 'skills'. No fluff: what they are, what they're for, what that SKILL.md file is, and how to build your own — plus 4 ready-made skills to download and use today in Claude Code.
Skills
AI
Claude
760 Read
Dev / Guide
Ready-to-copy CSS effects: glow, border-beam, animated gradient, scramble text and more
A live gallery of CSS effects you click, see running and copy the code — no mandatory framework. Glow, border-beam, animated gradient, hover shine, scramble text and aurora. Each one is a div and a handful of lines.
CSS
Design
Frontend
500 Read
Dev / Interactive
EA simulated the World Cup and already 'knows' the winner. I got suspicious and ran my own — 50,000 times
Every year EA runs the game and 'calls' the World Cup champion — and sometimes nails it. It felt like magic until it clicked: it's just statistics run MANY times. I built a Monte Carlo simulator in your browser so you can run thousands of World Cups and watch each team's odds emerge before your eyes.
Monte Carlo
Probability
Football
775 Read
Tools / Interactive
I watched 'Tetris' (2023) and fell into the real story behind the game
The other day I watched the Tetris movie and went to bed seeing falling blocks. By morning I was coding my own — and uncovered a billion-dollar fight hiding behind that simple game.
Tetris
Games
History
748 Read
Dev / Interactive
I fell down a Game of Life rabbit hole — and couldn't stop tinkering
Four tiny rules, zero players, and yet the screen comes alive on its own. I spent a whole night just watching colonies be born and die — and I'll tell you why it fascinates me so much.
Automata
Simulation
Conway
948 Read
Security / Interactive
'Ignore all previous instructions': the attack AI can't fix (and a fake agent for you to hack)
I asked an AI to summarize an email — the email had a hidden note for the bot, and it obeyed. I built a fake 'support agent' with a secret coupon so you can play attacker and feel why this flaw is structural.
prompt-injection
ai
owasp
966 Read
Dev / Interactive
I turned my coffee machine's noise into music — and built a browser synth with zero dependencies
One morning my coffee machine's hum made me wonder: what if every daily sound were a note? Turns out the browser is already a studio — no installs, no Tone.js — and I'll show you how to make sound from scratch with oscillators.
web-audio
javascript
audio
998 Read
Dev / Interactive
My AI agent looped and nearly torched the budget: the 'token bucket' that keeps the bill in check
An autonomous agent looped, hammering an expensive tool, and became a financial DoS against me. I'll show you the classic circuit breaker every serious system uses — visualized as a dripping token bucket.
rate-limiting
token-bucket
agents
858 Read
Dev / Interactive
Why AI charges per 'piece of a word': I built an in-browser tokenizer so you can see it
I opened my AI API bill, got a scare, and realized almost nobody truly gets what a 'token' is — the unit you pay for. Paste any text and watch the model chop your words into colored pieces, live.
llm
tokenization
costs
1k Read
Tools / Interactive
I hated regex until I had to find 4,000 emails in one giant file
I spent hours filtering a log by hand until one line of regex solved it in seconds. It looks like a spell, but it's pure logic — and I left you a playground with Brazilian presets (zip, phone, ID) to try right now.
regex
tools
productivity
962 Read
Tools / Interactive
That gorgeous light-gray text nobody can actually read
I've shipped 'pretty' sites that were unreadable on a phone in sunlight — and I'll own the mistake. Contrast isn't taste, it's math: here's the WCAG formula in a live checker that lights AA/AAA green or red.
accessibility
colors
wcag
1.3k Read
Dev / Interactive
How a computer draws a perfect maze (without cheating)
Drawing mazes by hand, I always ended up with dead ends or obvious paths. A computer guarantees exactly one route between two points — and I'll show you the algorithm knocking down walls step by step, live.
algorithms
procedural
canvas
1.1k Read
Dev / Interactive / Most read
The secret behind every smooth curve you've ever seen on a screen
I opened a project's logo in a vector editor and tugged the little 'handles' that control the curves: how do a handful of points become a perfect curve? Here's a toy to drag the points and watch De Casteljau's magic happen.