DeviceDoor: a public npm package shipping a Microsoft 365 device-code phishing and bulk-mail framework
OWASP Global AppSec EU 2026 Vienna: Key Takeaways on Secure Software Supply Chain, MCP Security, and the AI-BOM
CI CD Security How Insecure Deserialization Becomes Remote Code Execution (and How to Catch It Before Merge) August 19, 2025
Attacks Analysis The Wrong Way to Get User Input in Python (And the Secure Alternative) August 19, 2025
Attacks Analysis Chmod 777 Is Not a Fix: How a Misconfigured Script Became a Backdoor August 18, 2025
CI CD Security OpenSSL s_client Showed My TLS Was Broken: Diagnosing SSL Errors in CI August 18, 2025
Attacks Analysis From Dev to Target: How Watering Hole Attacks Infiltrate Your Pipeline August 14, 2025
CI CD Security A Typo in package.json Let a Lookalike Package Compromise the Pipeline August 12, 2025