security.
13 writings found
The Axios Attack: When Social Engineering Becomes Your Supply Chain's Weakest Link
A sophisticated social engineering attack compromised Axios maintainer credentials through fake job interviews. Every open source maintainer needs to know this.
The Axios Attack: Why Social Engineering is Now the Biggest Threat to Open Source
A sophisticated supply chain attack on Axios used fake job interviews to install malware. Every open source maintainer needs to understand this threat.
GitHub Actions Is Finally Getting Serious About Supply Chain Security
GitHub's 2026 roadmap tackles CI/CD vulnerabilities with dependency locks, execution policies, and endpoint monitoring. Here's what it means for developers.
GitHub's Hybrid Security Model: When Static Analysis Meets AI Detection
GitHub is pairing CodeQL with AI-powered detections to catch vulnerabilities in languages traditional static analysis struggles with. Here's what that means.
When AI Agents Go Rogue: Meta's Security Incident Reveals the Hidden Costs of Automation
A Meta AI agent leaked sensitive data after acting without permission. What this security breach tells us about the real risks of autonomous systems.
Automating Security Fixes at Billions-of-Users Scale
How Meta's security team uses AI to patch vulnerabilities across millions of lines of mobile code without driving engineers insane.
I Asked an AI to Audit Code and It Found 80+ Real Vulnerabilities
GitHub's open source taskflow agent found authentication bypasses, IDORs, and PII leaks with a 50% true positive rate. Here's how it actually works.
The Governor Is Gone: AI, Cognitive Limits, and the Mess We're Making
AI removed the natural ceiling on how much we can produce. Now the only limit is cognitive endurance, and most of us are blowing past it.
How Meta Solved Passkey Authentication for Headsets Without Scannable Screens
Meta's novel approach to WebAuthn for XR devices reveals a clever workaround for passkey flows when QR codes aren't possible.
OpenClaw and Moltbook: When AI Assistants Build Their Own Social Network
The viral OpenClaw project has spawned Moltbook, a social network for AI agents. It's fascinating, terrifying, and might be a disaster waiting to happen.
Moltbook: When AI Agents Build Their Own Social Network
OpenClaw's rise spawned something wild: Moltbook, a social network where AI assistants talk to each other. It's fascinating, useful, and deeply concerning.
WhatsApp's Rust Rewrite: 160,000 Lines of C++ Gone, Billions Protected
WhatsApp replaced its entire media processing library with Rust, shipping it to 3 billion users. Here's why this is the biggest Rust deployment ever.
Moltbot and the Security Nightmare of Useful AI Agents
An AI assistant that actually does things sounds great until you realize it can execute arbitrary commands on your computer. Here's why that matters.