Category

Security

Security from a builder's seat. Vulnerability disclosures, supply-chain attacks, secrets management, and defensive engineering patterns — explained with enough depth to act on, not just react to.

The Trojan Snow: Protestware and the Dual-Hatted Maintainer Risk
Article · 14m ago · 0

A hidden locale-based trigger in a classic X11 toy exposes the vulnerability of relying on a single upstream-downstream maintainer.

Emeka Okafor
Arch's AUR Malware Sprawl Hits 1,579 Packages

News · 2w ago · 6
AI Agents Uncover 21 Zero-Day Vulnerabilities in FFmpeg

News · 2w ago · 2
AUR Supply Chain Attack Delivers eBPF Rootkit and Infostealer

News · 2w ago · 0
Inside 'The Gentlemen' Ransomware: TTPs, AI, and Network Hardening

Article · 2w ago · 2
Critical Ivanti Sentry RCE Under Active Exploitation

News · 2w ago · 0
Hundreds of AUR Packages Trojanized with Malicious npm Dependency

News · 2w ago · 0
BorgBackup Server's Security Model: Surviving a Breach on Either Side

Article · 2w ago · 0
How an Insecure Update Flow Exposed AMD Systems to RCE

Article · 2w ago · 0
Should AI Code Generators Get CVEs for Insecure Suggestions?

Article · 2w ago · 0
The Blunt Instrument of AI Safety: Why Researchers Are Fuming Over Anthropic's Fable Guardrails

Article · 2w ago · 0
The Lexical Trap: Why Anthropic's Fable Guardrails Are Tripping Up Developers

Article · 2w ago · 1
Chrome Strips the Last Manifest V2 Escape Hatches — Time to Audit Your Browser Tooling

News · 2w ago · 2
Eyes Open, Vulnerabilities Shipping: The AI Code Security Paradox

Article · 3w ago · 0
Microsoft Pulls Dozens of GitHub Repos After Supply-Chain Malware Targets AI Coders' Credentials

News · 3w ago · 5
Miasma Worm Hits Microsoft Packages Twice in Weeks — and Your SLSA Provenance Won't Save You

Article · 3w ago · 1