Engineering notes from the trenches.
Reverse-engineering APIs, automation that survives production, security research, and honest takes on the tools I ship with.
A critical SQL injection vulnerability in Drupal core's database abstraction API affects all PostgreSQL-backed sites. Here's how it works, how to detect it, and what to do right now.
A subtle interaction between setup-php and pinned Composer versions can expose your GitHub tokens to dependency mirrors. Here's how it works, who's affected, and what to do right now.
A deep dive into CVE-2025-11954, a CSRF vulnerability in WISECP with a CVSS score of 8. I break down how the attack works mechanically, why this 'old' class of vulnerability keeps showing up, and provide detailed defense strategies with production-ready code examples.