Security

Security from a builder's seat. Vulnerability disclosures, supply-chain attacks, secrets management, and defensive engineering patterns — explained with enough depth to act on, not just react to.

Article 2h ago 0

Inside JumpServer: Open-Source PAM for Modern Infrastructure

A self-hostable alternative to commercial PAM platforms brings browser-based access control, but its multi-component architecture requires careful management.

Emeka Okafor

The GitHub Clone Farm That Beat VirusTotal

A 10,000-repo Trojan campaign weaponizes GitHub's trust signals, search ranking and commit history — and the next mark is your AI agent.

Article · 1w ago2

Zero-Touch OAuth: Securing the MCP Enterprise Agent Stack

The Enterprise-Managed Authorization extension replaces manual consent prompts with centralized, identity-driven token exchange for AI agents.

Article · 1w ago2

License Plate Readers Can Now Fingerprint Your Phone, Earbuds, and Tires

Leonardo's ELSAG SignalTrace bolts RF device-detection onto plate readers. Here's the wireless tech that makes it work — and why it's so hard to dodge.

Article · 1w ago0

Anatomy of a 27-Year-Old OpenBSD Authentication Bypass

A simple validation omission in OpenBSD's PPP stack shows how easily decoupled memory bounds can compromise system security.

Article · 1w ago0

Dismantling the IIS Attack Surface

Why Microsoft's legacy web server remains a prime target for modern reconnaissance and how to harden your Windows workloads.

Article · 1w ago0

Why JWTs Are a Security Anti-Pattern for Sessions

Relying on stateless JSON Web Tokens for persistent user sessions introduces severe security risks and architectural complexity.

Article · 1w ago0

Steam Workshop Wallpapers Exploited to Run Malicious Binaries

Attackers leverage Wallpaper Engine's application feature to execute backdoors and hijack active user sessions.

Article · 1w ago5

AMD Strips TSME Memory Encryption From Consumer CPUs

Developers relying on consumer Ryzen hardware for secure edge or workstation deployments must re-evaluate their physical trust boundaries.

News · 1w ago2

Why CVE Counts Misrepresent Rust and C/C++ Security

Comparing vulnerability counts ignores how the two language ecosystems define the boundary between library bugs and caller misuse.

Article · 1w ago0

How a Fake LinkedIn Job Offer Delivered a Node Backdoor

Attackers are using stolen identities and malicious npm lifecycle scripts to target developers during the recruitment process.

Article · 2w ago4

Curl Pauses Vulnerability Report Intake for July 2026

The project's HackerOne form and security inbox go dark for a month, pushing coordinated disclosure plans into August.

News · 2w ago2

How Public AOSP Test Keys Compromise Automotive Headunits

Shipping production firmware signed with default Android test keys exposes vehicles to local arbitrary code execution.

Article · 2w ago2

Sophisticated AUR Malware Waves Expose Container and Pipeline Risks

A second wave of obfuscated malware targeting Arch Linux's user repository highlights the danger of unpinned, automated builds.

Article · 2w ago3

Arch's AUR Malware Sprawl Hits 1,579 Packages

A user-repository compromise that started at 400 packages ballooned past 1,500 before Arch developers purged the malicious commits.

News · 2w ago6

AI Agents Uncover 21 Zero-Day Vulnerabilities in FFmpeg

Autonomous security agents found decades-old memory safety flaws in the widely deployed media processing library, prompting urgent updates.

News · 2w ago2