Engineering notes from the trenches.
Reverse-engineering APIs, automation that survives production, security research, and honest takes on the tools I ship with.
Reverse-engineering APIs, automation that survives production, security research, and honest takes on the tools I ship with.
2 posts ← reset filters
CVE-2026-8711 is a high-severity NGINX JavaScript vulnerability where client-controlled variables in js_fetch_proxy turn your reverse proxy into an attacker-controlled open proxy. Here's how it works and what to do.
A critical IP spoofing vulnerability in HestiaCP (CVE-2026-43634) allows unauthenticated remote attackers to bypass security controls. Learn what happened and how to protect your server immediately.