A Privacy Mechanism That Backfired
Analysis of CVE-2025-31212, an ironic iOS Bluetooth privacy vulnerability where a security feature designed to inform users leaked device data.
A developer details a simple iOS vulnerability using Darwin Notifications, a legacy public API, that could potentially brick an iPhone.
Learn how to use the dotnet CLI to check your .NET solution for NuGet packages with known vulnerabilities or that are deprecated.
Analysis of the Dirty Pipe Linux kernel vulnerability (CVE-2022-0847), its impact on cloud environments, and defensive advice.
Critique of npm audit's flaws, arguing its default rollout was rushed and harmful to front-end development workflows.
A technical guide on using tools like gitleaks, earlybird, and git-hound to find security leaks and exposed secrets in code repositories.
Highlights from the Node.js Security WG's January 2019 meeting, covering bounty programs and vulnerability database improvements.
Explores the $500 security guarantee for finding vulnerabilities in qmail, highlighting principles for secure open-source software development.
Details and fix for the OpenSSH client roaming vulnerability (CVE-2016-0777) that could allow a malicious server to steal private keys.
A blog post explaining the Heartbleed OpenSSL vulnerability and providing Python scripts to test websites for it.
A concise, urgent guide for sysadmins on the mandatory steps to fix the critical Heartbleed OpenSSL vulnerability and secure web servers.
Explains the April 7 web security vulnerability, its impact on major sites, and provides steps for users to protect their accounts.
Details an XSS vulnerability in the Drupal Advanced Poll module (6.x-3.x and prior), including patch and mitigation.
Urgent security alert for BlogEngine.NET users about a vulnerability exposing user credentials, with a patch recommendation.