A breakdown of how Notepad++'s WinGUp updater was hijacked through a hosting provider compromise and used to serve malicious binaries to selected users.
An unsafe deserialization vulnerability was found in PHPUnit's PHPT test runner. This article summarizes the risk to CI/CD pipelines and how to mitigate it.
A high-severity stack buffer overflow was found in OpenSSL 3.0 through 3.6. The CMS AuthEnvelopedData path can be attacked without authentication. Update now.
An explanation of a new attack technique that abuses GitHub’s fork feature and commit display behavior to distribute malware via links that look like official repository URLs.
A Dolby decoder vulnerability fixed in the January 2026 Android security update. It could allow arbitrary code execution just by receiving an audio file.
Node.js security patches that had been delayed since December 2025 were finally released. This article summarizes the eight vulnerability fixes, including three High-severity issues.
How to build two-factor authentication with a TOTP app such as Google Authenticator. Includes an explanation of the mechanism and a TypeScript implementation example.
Why Supabase is designed to expose API keys in the frontend, and how Row Level Security (RLS) protects data. Also covers why AI-generated apps are being targeted.
Using character voting as an example, this article explains the design and implementation of voting-right patterns such as time limits, social-login auth, and serial codes.
Two critical vulnerabilities (CVE-2025-69263, CVE-2025-69264) were discovered in pnpm 10.0.0–10.25. They allow lockfile integrity bypass and remote code execution, so immediate updates are required.
