Dependency Confusion Attacks: How Package Names Steal Your Code
Dependency confusion attacks exploit package managers by uploading malicious packages with internal names to public registries.
Jan 6, 20265 min read5
Command Palette
Search for a command to run...
Latest articles
Critical Vulnerability in React Server Components (CVE-2025-55182)
UPDATE: December 3, 2025 - A critical pre-authentication Remote Code Execution (RCE) vulnerability has been disclosed in React Server Components. This is a CVSS 10.0 vulnerability. If you're running Next.js 15.x, 16.x, or React 19.x in production, st...
Dec 3, 20257 min read5Cloud Costs Are Destroying Startup Margins
Cloud infrastructure costs often exceed engineering salaries. Here's why AWS, GCP, and Azure are more expensive than startups realise and why they use
Nov 29, 20255 min read30
When Cloudflare and GitHub Go Down on the Same Day: The Internet's Fragile Foundation
Cloudflare took down 20% of the internet in 4 hours. GitHub went down hours later. Here's why this keeps happening and why it won't get fixe
Nov 20, 20258 min read3
AI Code Review Tools Are Making Code Worse
Automated PR review tools are shipping buggy code faster while creating the illusion of thorough review. Here's why they're making the problem worse.
Nov 14, 20256 min read5Test Mode to Production with Firebase
Firebase's test mode ships to production constantly, exposing millions of databases. Here's why it keeps happening and why Firebase won't fix it.
Nov 13, 20255 min read4
Bug Bounty Platforms Are Exploiting Researchers
Companies pay $500 for critical vulnerabilities while bug bounty platforms take 20% cuts. The economics don't work for researchers.
Nov 11, 20256 min read30How to Write Secure Firebase Rules
Step-by-step guide to writing secure Firebase Security Rules for Cloud Firestore and Realtime Database with real code examples and best practices.
Nov 9, 20259 min read108
Model Collapse: The AI Feedback Loop Problem Nobody Wants to Talk About
AI models are increasingly training on AI-generated content. The feedback loop is real, measurable, and could fundamentally break how LLMs work.
Nov 7, 20256 min read55