Engineering notes from the trenches.
Reverse-engineering APIs, automation that survives production, security research, and honest takes on the tools I ship with.
CVE analysis of Flask-Security-Too 5.8.0's OAuth reauthentication bypass where verifying a different user's OAuth identity marks the session as fresh, enabling privilege escalation.
Google's antigravity Python module redirects to a comic instead of doing anything useful — but the real story is what happens when trusted namespaces get weaponized and developers stop reading import statements.