Vulnerabilities That Will Define 2026
Analysis of emerging cybersecurity threats for 2026, focusing on AI-powered attacks, software supply chain flaws, and critical vulnerabilities in widely-used software.
Explains dependency cooldowns, a strategy to reduce supply chain attack risk by delaying automatic dependency updates.
A Developer Advocate explains how to use Generative AI to automate and accelerate the creation of demo applications for security vulnerability education.
Analysis of macOS security vulnerabilities (CVE-2023-23506/28192) that allowed unauthorized apps to access Safari history and device location via XPC services.
Analysis of empirical data showing memory unsafety causes 65%+ of security vulnerabilities in large C/C++ codebases like Android, Chrome, and Linux.
Critique of web browser feature bloat and complexity, arguing it's now impossible to build a new competitive browser engine.
Analyzes security risks from indirect dependencies in Angular and React boilerplate projects, comparing vulnerability counts and license issues.
Analysis of widespread jQuery XSS vulnerabilities affecting 84% of websites, detailing version risks and vulnerable libraries.
Explains memory unsafety in programming languages, its security risks (out-of-bounds reads/writes, use-after-free), and contrasts unsafe languages like C/C++ with safe ones.
npm registry hits 1 million packages. Analysis of top packages, vulnerabilities, and download statistics.
Argues that modern C++ idioms like smart pointers and string_view are insufficient to prevent memory safety vulnerabilities, advocating for memory-safe languages.