Engineering notes from the trenches.
Reverse-engineering APIs, automation that survives production, security research, and honest takes on the tools I ship with.
CVE-2026-47357 exposes a high-severity SSRF in Terrascan's remote scan API endpoint, letting attackers reach internal services through your IaC policy scanner. Here's how it works and what to do.
CVE-2026-47356 exposes a high-severity SSRF in Terrascan's webhook_url parameter. Here's why your IaC scanning server might be an attacker's next pivot point, and what to do about it.