Category: Security

24 June 2026
GitHub source code exposure via third-party tooling

GitHub source code exposure rarely starts with the platform itself, it starts with something trusted too much. I care less about the headline breach than the awkward bit underneath, where a third-party tool quietly becomes the bridge into files, tokens, and repo history.

Read more
24 June 2026
n8n | n8n@2.27.3

n8n 2 27 3: default Form Trigger auth prevents legacy crashes, UI hides preview suggestions on small screens, notes add stage review and tooling badges

Read more
23 June 2026
Hardening ig build against command injection

Inspektor Gadget OCI images sound harmless until a build value slips into shell syntax and the pipeline starts executing it for you. I prefer build steps that stay boring, because once they stop being boring, you are usually already in trouble.

Read more
23 June 2026
Prototype pollution in Adobe Acrobat PDF code paths

Prototype pollution in Adobe Acrobat PDF code paths is not a neat edge case, it is what happens when privileged JavaScript trusts the wrong shape of data. I keep coming back to the same point, undeclared variables, `eval`, and sloppy string handling all hand an attacker room to steer the code.

Read more
23 June 2026
Talos Linux | v1.13.5

Talos Linux v1 13 5: security upgrades, kernel 6 18 36, containerd 2 2 5, Go 1 26 4, Kubernetes images updated, bug fixes, report issues

Read more
23 June 2026
Talos Linux | v1.13.5

Talos v1135: kernel 61836, containerd 225, runc 143, security and stability updates, shutdown fixes, LUKS and reboot edge case fixes, test and report issues

Read more
23 June 2026
n8n | n8n@2.26.9

n8n v2 26 9: maintenance patch, stage review badge for PR review, Cubic auto release notes, check GitHub compare for diffs before upgrading

Read more
22 June 2026
Human-in-the-loop AI pentesting for exploit paths

AI pentesting is useful when it speeds up the grunt work and leaves judgement where it belongs. I care less about noisy findings than about whether a small mistake can be chained into a working path, because that is where the real test starts.

Read more
22 June 2026
Formal verification boundaries in corecrypto

corecrypto formal verification is useful right up to the point where the code stops being plain C. I trust the proof more than the marketing, but only if the compiler output still looks like the model; once the fast paths and silicon features take over, the neatness falls away.

Read more
22 June 2026
Gitea | v1.26.4

Gitea v1 26 4: prevents OAuth2 auto reactivation of disabled users, improves git log walk error handling, Gitea Cloud instances auto upgraded June 21 2026

Read more
22 June 2026
Gitea | v1.26.4

Gitea v1 26 4: prevents OAuth2 callbacks reactivating disabled users, fixes git log traversal errors, Gitea Cloud auto upgrades, self hosted instances update

Read more
21 June 2026
GitHub exposure of AWS GovCloud credentials

Public repos are brilliant at preserving bad decisions, and AWS GovCloud credentials are exactly the sort of thing that should never survive a commit. Once they are out, the clean-up is only half the job; the harder part is admitting how many places the same mistake has already reached.

Read more
21 June 2026
Gitea | v1.26.3

Gitea v1 26 3: Actions require merged PR to bypass fork gate, workflow fixes, security hardening, LFS and API bugfixes, build and deps updates

Read more
21 June 2026
Gitea | v1.26.3

Gitea v1 26 3: Actions now require a merged PR to bypass fork PR approval gate, security hardenings and bugfixes, upgrade strongly recommended

Read more
21 June 2026
ESPHome | 2026.6.2

ESPHome 2026 6 2: normalize espidf tool paths, fix RMT5 interrupt priority in fastled, mark packet transport key secret, bundle device builder 1 0 12

Read more
20 June 2026
Hardening consumer routers against botnet abuse

Consumer routers are still being dragged into IoT botnets because the easy mistakes never went away, default logins, exposed admin pages, and forgotten services. I would rather spend ten minutes hardening a box now than find out later it has been busy for someone else.

Read more
20 June 2026
Rotating AWS GovCloud secrets after repo disclosure

AWS GovCloud credential leakage is not a tidy mistake, it is a time problem. Once a secret hits public GitHub, I treat revocation, search, and handoff as one job, because leaving even one copy alive keeps the mess going.

Read more
20 June 2026
n8n | n8n@2.26.8

n8n 2 26 8: fixes Form Trigger crash by adding default auth parameter, backward compatible, upgrade recommended, test Form Trigger workflows after update

Read more
20 June 2026
ESPHome | 2026.6.1

ESPHome 2026 6 1: fixes address resolution, skips target deps in host tests, ESP32 idedata, preserve factory bin, logger recursion guard, timestamp revert

Read more
20 June 2026
HomeAssistant Core | 2026.6.4

HomeAssistant Core 2026 6: critical fixes for Growatt InfluxDB Immich zwave js MQTT WebDAV Tank Utility, integrations, translations, deps and frontend updates

Read more
19 June 2026
Tracking false positives after managed rule merges

Cloudflare WAF rule merge changes more than a label, and I have seen neat alerting fall apart because the detection moved, not because the noise went away. If you are counting rule IDs, you may be looking at bookkeeping, not behaviour.

Read more
19 June 2026
Argo CD | v3.4.4

Argo CD v3 4 4: fast kubectl install for non HA and HA, cosign signed images and provenance, key bug fixes, upgrade guidance and full release details

Read more
19 June 2026
headscale | v0.29.1

headscale v0 29 1: requires Tailscale client v1 80 0, fixes migration preserving user id for nodes with tags:null, follow official upgrade guide

Read more
19 June 2026
Argo CD | v3.4.4

Argo CD v3 4 4: quick start and HA install commands, signed images and SLSA 3 provenance, key fixes, upgrade guidance, CI and test maintenance

Read more
19 June 2026
headscale | v0.29.1

headscale v0:29:1, preserves user assignment for nodes with tags null, fixes upgrade bug that lost user id, min Tailscale v1:80:0, follow upgrade guide

Read more