Security
Pin Actions to SHAs
gh-actions-lockfile generates a lockfile that pins actions — including transitive dependencies — to exact commit SHAs with integrity hashes, enabling verification and auditability via a GitHub Action or CLI.
Security
Security
Agent Skills: Reusable automation for Codex
Skills package instructions and optional assets so Codex can perform specific workflows; they can be invoked explicitly or picked automatically when relevant.
Security
GotaTun — WireGuard Rebuilt in Rust
Mullvad released GotaTun, a Rust implementation of WireGuard, to Android, removing wireguard-go crashes, improving stability, and adding privacy features like DAITA and Multihop.
Security
Fuzzy Canary
A lightweight tool that injects invisible 'canary' links into your HTML to trigger scrapers' content safeguards. Install via npm and prefer server-side injection so non-JS scrapers still see it.
Security
FreeBSD RCE: ND6 Router Advertisements Exploit
A critical vulnerability (CVE-2025-14558) in FreeBSD's rtsold and rtsol programs allows remote code execution via unvalidated IPv6 router advertisement messages on the same network segment.
Security
From SSRF to RCE: A 7-Step Chain Against PostHog
A deep dive into how overlooked validations, a SQL escaping bug, and static credentials turned a simple webhook into a full system compromise.
Security
Docker Hardened Images: Secure by Default, Free for All
A new industry standard with guaranteed patching, minimal attack surface, and full transparency—available at zero cost.
Security
8 Million Users’ AI Conversations Sold by ‘Privacy’ Extensions
Urban VPN Proxy and sibling extensions silently harvested and monetized intimate AI chat data for months.