Skip to content
Category

Security

Security from a builder's seat. Vulnerability disclosures, supply-chain attacks, secrets management, and defensive engineering patterns — explained with enough depth to act on, not just react to.

The Trojan Snow: Protestware and the Dual-Hatted Maintainer Risk
Article 14m ago 0

The Trojan Snow: Protestware and the Dual-Hatted Maintainer Risk

A hidden locale-based trigger in a classic X11 toy exposes the vulnerability of relying on a single upstream-downstream maintainer.

Emeka Okafor
The CAPTCHA is Dead (And AI Killed It)

The CAPTCHA is Dead (And AI Killed It)

Article · 6d ago3
The Cordyceps Exploits: Why Your CI/CD Pipelines Are Wide Open

The Cordyceps Exploits: Why Your CI/CD Pipelines Are Wide Open

Article · 6d ago0
Vulnerability Reports Lost Their Privilege. Now What?

Vulnerability Reports Lost Their Privilege. Now What?

Article · 6d ago3
The Cryptographic Battle for the Bot-Era Web

The Cryptographic Battle for the Bot-Era Web

Article · 1w ago0
GitHub Hardens actions/checkout to Block Pwn Request Attacks

GitHub Hardens actions/checkout to Block Pwn Request Attacks

Article · 1w ago0
The Secure Boot Cert Expiry Won't Brick Your Box — But It Bites Elsewhere

The Secure Boot Cert Expiry Won't Brick Your Box — But It Bites Elsewhere

Article · 1w ago3
Beyond Encryption: The Supply Chain Threat of Pure Exfiltration

Beyond Encryption: The Supply Chain Threat of Pure Exfiltration

Article · 1w ago4
npm v12 Kills Auto-Run Scripts: What Developers Must Do

npm v12 Kills Auto-Run Scripts: What Developers Must Do

Article · 1w ago1
Agentjacking: How Public Sentry Keys Turn AI Coding Agents Into Trojan Horses

Agentjacking: How Public Sentry Keys Turn AI Coding Agents Into Trojan Horses

Article · 1w ago4
Securing AI Agents: Inside NVIDIA's SkillSpector Scanner

Securing AI Agents: Inside NVIDIA's SkillSpector Scanner

Article · 1w ago3
The Android 17 GrapheneOS Port and the Play Integrity Trap

The Android 17 GrapheneOS Port and the Play Integrity Trap

Article · 1w ago3
Agentic Security: Standardizing Cyber Workflows for AI Developers

Agentic Security: Standardizing Cyber Workflows for AI Developers

Article · 1w ago0
Demystifying iOS Device Fingerprinting with Loupe

Demystifying iOS Device Fingerprinting with Loupe

Article · 1w ago3
The AUR Namespace Trap: Lessons from the Atomic Arch Attacks

The AUR Namespace Trap: Lessons from the Atomic Arch Attacks

Article · 1w ago5
North Korean Hackers Poison Mastra AI in npm Attack

North Korean Hackers Poison Mastra AI in npm Attack

Article · 1w ago1