https://quasigod.xyz/blog/webview-hijacking-via-plaintext-mitm · 26 May 2026
Stealing user logins by hijacking a vulnerable webview implementation in a mobile app
https://nesbitt.io/2026/05/25/github-actions-security-in-python-packages.html · 25 May 2026
Thank you Dr. Zizmor
https://nesbitt.io/2026/05/24/signing-is-for-the-bad-days.html · 24 May 2026
TUF, in-toto, and Sigstore only look pointless while nothing is on fire
https://sensemaker.computer/trust-boundary-inward · 21 May 2026
GitHub's poisoned-extension breach, Railway's GCP account suspension, and SpaceX's AI-heavy S-1 all point to the same thing: the inside of infrastructure is now the story.
https://nesbitt.io/2026/05/15/language-registries-are-unstable-by-default.html · 15 May 2026
apt install -t unstable, but make it your whole personality
https://octet-stream.net/b/scb/2026-05-12-mythos-and-legends.html · 12 May 2026
A recent pastime for me has been reading the reports coming out from Project Glasswing. As you're probably aware by now, that's the scheme where Anthropic is permitting various companies and open source projects to scan their code for securit...
https://nesbitt.io/2026/05/12/not-a-security-issue.html · 12 May 2026
How curl's disclosure policy filtered an AI scanner's findings at source
https://nesbitt.io/2026/05/11/proxy.html · 11 May 2026
A lightweight multi-ecosystem caching package proxy
https://nesbitt.io/2026/05/09/the-mismeasure-of-open-source.html · 9 May 2026
The streetlight effect in project-health scoring
https://nesbitt.io/2026/05/08/weekend-at-bernies.html · 8 May 2026
Which of your dependencies are wearing sunglasses