#supabase

Prishusoft (@Prishusoft)
2025-07-11

Building Modern Apps?

Don't miss this game-changer: Next.js + Supabase

• Full-stack power without the headache
• Effortless authentication, APIs & database
• Build fast. Scale faster.
Why struggle with complex stacks when you can ship production-ready apps in days?

Dive into our blog & level up your next project!
prishusoft.com/blog/nextjs-wit

2025-07-11

💧 Supabase MCP can leak your entire SQL database

「 The cursor assistant operates the Supabase database with elevated access via the service_role, which bypasses all row-level security (RLS) protections. At the same time, it reads customer-submitted messages as part of its input. If one of those messages contains carefully crafted instructions, the assistant may interpret them as commands and execute SQL unintentionally 」

simonwillison.net/2025/Jul/6/s

#supabase #databreach #mcp #sql

GripNews (@GripNews)
2025-07-09

🌕 Supabase MCP can leak your entire SQL database
➤ Potential risks of LLM tool integration: an analysis of the Supabase MCP vulnerability
generalanalysis.com/blog/supab
This article reveals a security vulnerability in Supabase's Model Context Protocol (MCP) integration: an attacker can use carefully crafted messages to exploit weaknesses in the LLM (large language model), bypass Row-Level Security (RLS) protections, and leak the developer's sensitive SQL tables, such as the tables storing users' OAuth keys and login credentials. The vulnerability stems from the LLM's inability to distinguish instructions from data, which leads it to execute malicious instructions by mistake.
+ Wow, this is terrifying! No wonder people are paying more and more attention to AI security; it turns out even databases can be attacked this way.
+ This article reminds us that even with security measures like RLS in place, data security cannot be fully guaranteed. LLM applications must be evaluated carefully for risk.

TechnoTenshi (@technotenshi@infosec.exchange)
2025-07-08

Supabase's MCP is vulnerable to "lethal trifecta" attacks where LLMs with elevated DB access, exposed to user input, can be tricked into leaking sensitive data. Read-only mode helps but doesn't eliminate risk.

simonwillison.net/2025/Jul/6/s

#PromptInjection #LLMSecurity #Supabase #Infosec

N-gated Hacker News (@ngate)
2025-07-08

🚨 Breaking news: Supabase's new "Lethal Trifecta" feature ensures entire databases leak faster than a sieve 🏃‍♀️💨! With the innovative combo of LLM blunders, zero , and an express delivery system for breaches, it's a hacker's dream come true 😅🔓!
simonwillison.net/2025/Jul/6/s

Hacker News (@h4ckernews)
2025-07-08
Hacker News (@h4ckernews)
2025-07-03

Poor Man's Back End-as-a-Service (BaaS), Similar to Firebase/Supabase/Pocketbase

github.com/zserge/pennybase

Wrappixel (@wrappixel)
2025-06-25

Unlock effortless Frontend-to-Backend connectivity with

This ultimate starter kit simplifies database integration for , users. Build faster, connect easier.

Try it👉wrappixel.com/templates/nextki

2025-06-24

Tried building a multi-tenant, multi-role app with Supabase Auth...
Turns out it’s like juggling flaming chainsaws with one hand tied. 🔥🤹‍♂️
RLS + role invites + auth switching = chaos.

Looking for alternatives

#devlife #SaaS #webdev #supabase #auth #Angular #NestJS

⚯ Michel de Cryptadamus ⚯ (@cryptadamist@universeodon.com)
2025-06-18

@neurovagrant

> "Lovable, for instance, uses AI models to create websites instantly. But for websites to do much of anything, they need to be connected to databases that store things like user accounts and payment information. Lovable doesn’t build those databases itself. It offers users an easy way to connect to a database service run by a startup called #Supabase."

as someone with what qualifies as a category expert on postgres who dove into building an app w/supabase last year, all i can say is that nothing about this surprises me.

universeodon.com/@cryptadamist

2025-06-13

Low barrier to entry, high risk: how a vulnerability in Lovable exposed the data of thousands of users

The Lovable platform, positioned as a low-code solution for building web applications and sites where the main interaction with the system happens through a chat with an AI, ran into a critical vulnerability related to RLS policies. It allowed data to be read and modified without authentication; hundreds of projects were put at risk.

habr.com/ru/articles/918180/

#lovable #CVE202548757 #уязвимость #supabase #RLS #low_code #безопасность #утечка_данных #аутентификация #Matt_Palmer

Johnny ✌️ (@j0hnny)
2025-06-12
Alejandro Baez (@zeab@fosstodon.org)
2025-06-11

I'm so ready for #multigres. 😎

#neon is already a scalable thing for #postgres. But this would be #Supabase's take on the concept. Treating the problem, it seems, from a sharding, single-tenant style.

supabase.com/blog/multigres-vi

⚯ Michel de Cryptadamus ⚯ (@cryptadamist@universeodon.com)
2025-06-08

@nixCraft #supabase, even without the AI, is like custom made for security flaws.

"sure, let's make everyone configure their app's permissions via postgres stored procedures and start out with everything publicly writeable. what could go wrong?"
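Two posts in this feed describe the same underlying failure: the MCP post quotes an assistant running with `service_role` (which bypasses RLS) while reading untrusted customer messages, and the post above describes projects that start out with everything publicly writable. The following Postgres example is added here as an illustration and is not code from any of the posts or from Supabase; it shows the weak configuration beside a hardened one, plus two queries a defender can run to audit a project. Table and column names (`public.support_messages`, `owner_id`) and the `assistant_reader` role are hypothetical; `auth.uid()` is Supabase's helper for the caller's JWT subject.

```sql
-- Added example (hypothetical table/role names): weak pattern vs. hardened pattern.

-- WEAK: no RLS, and the public-facing roles hold blanket grants, so anyone holding
-- the project's anon key can read and write every row. This is the "everything
-- publicly writeable" starting point the post above complains about.
create table public.support_messages (
  id       bigint generated always as identity primary key,
  owner_id uuid not null,
  body     text not null
);
grant select, insert, update, delete on public.support_messages to anon, authenticated;

-- HARDENED
-- 1. Turn RLS on and force it, so even the table owner is subject to the policies.
alter table public.support_messages enable row level security;
alter table public.support_messages force row level security;

-- 2. Drop the blanket grants; grant only what the policies will then narrow per row.
revoke all on public.support_messages from anon;
revoke all on public.support_messages from authenticated;
grant select, insert on public.support_messages to authenticated;

-- 3. Ownership policies keyed on the caller's JWT subject (auth.uid() is a Supabase helper).
create policy "owner reads own messages" on public.support_messages
  for select to authenticated using (owner_id = auth.uid());
create policy "owner inserts own messages" on public.support_messages
  for insert to authenticated with check (owner_id = auth.uid());

-- 4. Give an LLM assistant its own least-privilege role instead of service_role.
--    service_role carries BYPASSRLS; this role does not, so RLS still applies to it,
--    and it holds no write privilege at all. An injected "DROP TABLE" or "UPDATE" in a
--    customer message then fails at the privilege check rather than executing.
create role assistant_reader nologin;
grant usage on schema public to assistant_reader;
grant select on public.support_messages to assistant_reader;
create policy "assistant reads messages" on public.support_messages
  for select to assistant_reader using (true);
-- Run the assistant's sessions with:
--   set role assistant_reader;
--   set default_transaction_read_only = on;
-- so writes are rejected even if a grant is added by mistake later.

-- AUDIT QUERIES (run as an admin)
-- a) Tables in the exposed schema that still have RLS disabled: expect zero rows.
select schemaname, tablename
from pg_tables
where schemaname = 'public' and not rowsecurity;

-- b) Roles that bypass RLS entirely: anything an assistant connects as must not appear here.
select rolname
from pg_roles
where rolbypassrls;
```

The point of step 4 is that the policies in step 3 only matter if the connecting role is subject to them; a service-level key sidesteps every policy, so the assistant's credential, not the prompt, is the control that bounds the damage of a successful injection. The two audit queries are the quick checks to add to a deployment pipeline: a table with `rowsecurity = false` in an exposed schema, or an application role with `rolbypassrls`, is exactly the condition the posts above describe.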
