fabslog

category: Security

links_

Thursday, June 4, 2026

I built a vulnerable app and spent $1,500 seeing if LLMs could hack it kasra.blog EN A security research post testing whether LLMs could exploit a vulnerable React Native app and backend.
Security vulnerability AI LLM pentesting

Friday, May 29, 2026

Someone used my open source project to phish 14,000 people andrej.sh EN An open-source project's hosted cloud was abused to send 14,000 phishing emails, prompting the maintainer to revoke keys and harden signup flows.
Security Open Source Cloud Phishing abuse DKIM

Wednesday, May 27, 2026

An Update on Composer & Packagist Supply Chain Security blog.packagist.com EN Packagist and Composer announce multiple supply chain security improvements including transparency logs, MFA, malware detection, version immutability, and provenance plans.
Security Package Management Composer Packagist MFA Immutability

Friday, April 17, 2026

Monday, March 30, 2026

ChatGPT Won't Let You Type Until Cloudflare Reads Your React State. I Decrypted the Program That Does It. www.buchodi.com EN The author decrypted Cloudflare Turnstile bytecode and found it fingerprints browsers and ChatGPT's React state to create access tokens that detect bots.
Security Privacy Technology Web AI OpenAI ChatGPT Cloudflare fingerprinting React OpenAI ChatGPT

Thursday, March 26, 2026

Don’t trust, verify | daniel.haxx.se daniel.haxx.se EN-US The author urges verifying curl releases and source to defend against supply-chain and CI-based attacks.
Security Software Engineering Open Source

Tuesday, March 3, 2026

Disable Your SSH Access With This One Simple Trick sny.sh EN scp can change target directory permissions to match the source, causing sshd to reject key authentication.
Security Systems scp sshd permissions OpenSSH

Friday, February 27, 2026

I found a Vulnerability. They found a Lawyer. | Blog | Yannick Dixken dixken.de EN A researcher describes responsibly disclosing a trivial account vulnerability that exposed personal data and receiving legal threats instead of cooperation.
Security Privacy Legal vulnerability disclosure gdpr lawyer