Blog
Thoughts on code, AI tools, best practices, and building for the web.
How a Poisoned VS Code Extension Breached GitHub — And What Every Developer Should Do Right Now
A poisoned Nx Console VS Code extension led to GitHub's internal breach. Learn how the attack happened and the steps every developer should take to st…
NGINX Rift (CVE-2026-42945): What It Is and How to Fix It
CVE-2026-42945 is a critical heap buffer overflow in NGINX's rewrite module. Learn what it is, if you're affected, and exactly how to fix it step by s…
CallPhantom: 28 Fake Apps on Google Play Scammed 7.3 Million Users — India Was the Primary Target
ESET uncovered 28 fraudulent Android apps on Google Play promising call history lookups. 7.3M downloads, 53.7% from India, UPI payments exploited. Her…
Fake OpenAI Privacy Filter Hits #1 on Hugging Face — Supply Chain Attack Breakdown
Malicious Hugging Face repo typosquatted OpenAI's Privacy Filter, hit 244K downloads in 18 hours, and deployed a Rust infostealer stealing credentials…
Bleeding Llama (CVE-2026-7482): Critical Ollama Vulnerability Leaks Your Entire Server Memory
Critical Ollama vulnerability CVE-2026-7482 (CVSS 9.1) lets attackers steal API keys, prompts, and secrets from 300K+ servers using 3 unauthenticated…
Microsoft Edge Keeps Every Saved Password in Cleartext Memory — And Microsoft Says It's "By Design"
Microsoft Edge decrypts your entire password vault into plaintext process memory at startup. A researcher proved it, Microsoft called it by design.
CVE-2026-31431 (Copy Fail): 9-Year-Old Linux Kernel Flaw Gives Root on Every Major Distro
Copy Fail (CVE-2026-31431) is a critical Linux kernel privilege escalation flaw hiding since 2017. Learn how it works, which distros are affected, and…
Critical cPanel Authentication Bypass (CVE-2026-41940): What You Need to Know
A critical CVSS 9.8 authentication bypass in cPanel & WHM has been exploited as a zero-day since February 2026. Learn the impact, how it works, and ho…