
My React2Shell Story

Gather 'round, friends! It's time to hear the story of how I led the charge to mitigate React2Shell: a dangerous remote code execution vulnerability which…
6 min read

Be careful with that VS Code Extension!

Those extensions and themes you’ve been installing in your IDE could be dangerous. I understand that there are a lot of cool extensions and themes…
8 min read

1Password CLI Adds Risk

In October of 2023, I reported a vulnerability to 1Password regarding their op (a.k.a. 1password-cli) program. In my report I detailed that their approach to…
3 min read

Introducing the Poison-Pillminder

Do you manage a GitHub org with a bunch of repositories? Do you have a hard time scrambling when the latest NPM supply-chain attack hits,…
4 min read

Secrets in Lambda Env Vars

Hello, friends! I’m here on this fine Thursday with some low-key advice on a very serious problem: you—or someone you know—has been putting secrets into…