React2shell Leads to Full Microsoft 365 SharePoint compromise: How One Server Exploit Exposed an Entire Tenant
Dec 1, 2025 · 4 min read · 35

The Shai-Hulud Worm: Dissecting the Self-Spreading Malware Attack on the NPM Ecosystem
Sep 18, 2025 · 14 min read · 66

Axios malicious package: what developers and defenders should check
What the Axios malicious package contained, how it was published, and how teams can check GitHub, Intune, CrowdStrike, and Jamf.
Apr 4, 2026 · 5 min read · 7

Introduction to Static Application Security Testing (SAST)
Introduction: This is the first article in a 30-day series on Static Application Security Testing (SAST). We’ll introduce what SAST is and why it matters for building secure software. SAST refers to analyzing source code to find security vulnerabiliti...
Jun 21, 2025 · 18 min read · 87

Code Smart, Code Safe: Securing AI Suggestions in Modern IDEs
In this article, we'll learn how to code securely with AI-assisted IDE tools like GitHub Copilot, Windsurf, and Cursor. These tools can suggest code while keeping it safe. Each one lets you set rules in its own way: Copilot uses a .github/copilot-ins...
May 18, 2025 · 9 min read · 144

Threat Modeling Case Studies
Web Application Case Study. System Overview: A web application that allows users to: register and authenticate; upload and share files; send messages to other users; view and update their profile. Data Flow Diagram: flowchart LR User((User)) ...
May 16, 2025 · 16 min read · 72

Boost Your Secure Code Review Efficiency with Git Grep
Struggling with slow, noisy searches during manual secure code reviews? You're not alone. Finding vulnerabilities like hardcoded secrets, dangerous function calls, or misconfigured access controls can feel like finding needles in haystacks—especially...
May 9, 2025 · 5 min read · 401

Why Trusting Git Over Ctrl + Z Matters: Vibe Coding
Find Out Why Git is a Better Choice than Ctrl + Z for Coding Success in the era of vibe coding
Apr 29, 2025 · 5 min read · 71

Slopsquatting: An Emerging Threat to Developers Using AI-Powered IDEs
Recently, companies are supercharging developer productivity with AI-powered IDEs and agents! Tools like GitHub Copilot and CursorAI are at the forefront of this exciting transformation, offering developers incredible coding assistance and automation...
Apr 19, 2025 · 4 min read · 74