Is Prompt Injection a Vulnerability?
Argues that prompt injection is a vulnerability in AI systems, contrasting with views that see it as just a delivery mechanism.
Analysis of CVE-2025-31212, an ironic iOS Bluetooth privacy vulnerability where a security feature designed to inform users leaked device data.
A developer details a simple iOS vulnerability using Darwin Notifications, a legacy public API, that could potentially brick an iPhone.
Learn how to use the dotnet CLI to check your .NET solution for NuGet packages with known vulnerabilities or that are deprecated.
An open source maintainer explains why automated security reports about nested dependencies are often unhelpful and asks developers to stop sending them.
Analysis of the Dirty Pipe Linux kernel vulnerability (CVE-2022-0847), its impact on cloud environments, and defensive advice.
Critique of npm audit's flaws, arguing its default rollout was rushed and harmful to front-end development workflows.
A technical guide on using tools like gitleaks, earlybird, and git-hound to find security leaks and exposed secrets in code repositories.
Analysis of a Chrome/Windows exploit chain, explaining why Windows 10 mitigations make it harder to exploit than on Windows 7.
Highlights from the Node.js Security WG's January 2019 meeting, covering bounty programs and vulnerability database improvements.
Explores the $500 security guarantee for finding vulnerabilities in qmail, highlighting principles for secure open-source software development.
Details and fix for the OpenSSH client roaming vulnerability (CVE-2016-0777) that could allow a malicious server to steal private keys.
A blog post explaining the Heartbleed OpenSSL vulnerability and providing Python scripts to test websites for it.
A concise, urgent guide for sysadmins on the mandatory steps to fix the critical Heartbleed OpenSSL vulnerability and secure web servers.
Explains the April 7 web security vulnerability, its impact on major sites, and provides steps for users to protect their accounts.
Details an XSS vulnerability in the Drupal Advanced Poll module (6.x-3.x and prior), including patch and mitigation.
A developer shares their discovery of a security vulnerability (CVE-2008-5187) in the Imlib2 image library.
Urgent security alert for BlogEngine.NET users about a vulnerability exposing user credentials, with a patch recommendation.