About 105 results
https://octet-stream.net/b/scb/2026-04-11-promoting-use-of-fine-grained-pats.html · 11 Apr 2026
HOME BLOGS PROJECTS GITHUB 11 April 2026 Software development is becoming an increasingly risky business. Supply chain attacks are more frequent than ever, and those of us using agentic LLMs run the risk that it will add a dependency automatically...
https://nesbitt.io/2026/04/09/package-security-defenses-for-ai-agents.html · 9 Apr 2026
Lockfiles, sandboxes, and cooldown timers.
https://nesbitt.io/2026/04/08/package-security-problems-for-ai-agents.html · 8 Apr 2026
Packages all the way down, agents all the way up.
https://anil.recoil.org/notes/internet-immune-system · 8 Apr 2026 · 🦋 Bluesky
Anthropic's Mythos makes autonomous vulnerability chaining across devices a sudden reality, so I've been thinking about how digital 'antibotty' inoculation networks may be needed far sooner than I expected.
https://nesbitt.io/2026/04/07/who-built-this.html · 7 Apr 2026
Tracing a dependency back to its source commit.
https://nesbitt.io/2026/04/06/the-cathedral-and-the-catacombs.html · 6 Apr 2026
Stretching a metaphor deep into the floor.
https://nesbitt.io/2026/03/31/npms-defaults-are-bad.html · 31 Mar 2026
The npm client's default settings are a root cause of JavaScript's recurring supply chain security problems.
https://quasigod.xyz/blog/xss-via-indirect-prompt-injection · 31 Mar 2026 · 🦋 Bluesky
A short writeup of finding a stored XSS vulnerability in an AI powered writing app
https://stuartbreckenridge.net/2026-03-30-security-analysis-of-the-white-house-app/ · 30 Mar 2026
It's exactly what you'd expect.
https://astra.pizza/posts/2026-03-19-signal-desktop-dpapi/ · 19 Mar 2026
Electron's safeStorage uses DPAPI on Windows, which means any process running as your user can decrypt Signal's database. on macOS, Keychain actually isolates per-app.