Two critical vulnerabilities (CVE-2025-69263, CVE-2025-69264) were discovered in pnpm 10.0.0–10.25. They allow lockfile integrity bypass and remote code execution, so immediate updates are required.
Set up VLESS + REALITY on a Linux VPS using Xray and 3X-UI without owning a domain. Working server config, client app picks, how TLS camouflage borrows microsoft.com/cloudflare.com certs against GFW DPI, and the pitfalls before relying on it.
Hysteria2 setup notes from a China-facing VPS — the actually-working YAML config, what to do when UDP/443 is blocked, Brutal congestion control pitfalls, and client apps per platform. Overview-level, not a full step-by-step.
In January 2026, Logi Options+ and G HUB stopped working on macOS due to an expired certificate. Here's how to fix it and why this happened in the first place.
Bash permissions now support real wildcards. `Bash(npm *)` can allow the whole npm family, alongside skill hot reload, expanded Vim controls, agent forks, and security fixes.
Step-by-step guide to building an IKEv2 VPN server with strongSwan on CentOS 7, including certificate setup, firewall rules, and client configuration for iOS, macOS, Windows, and Android.
Six VPN protocols (ShadowSocks, V2Ray, SoftEther, WireGuard, OpenConnect, IKEv2) compared from someone who actually ran them inside China. As of 2026, most are detected by GFW machine learning, including ShadowSocks and IPSec-based protocols. What still connects: VLESS+REALITY, Hysteria2, and WireGuard with obfuscation (udp2raw or wstunnel). Includes VPS region notes (avoid Tokyo, pick Singapore/Hong Kong).