RANDOM CHAOS

credential compromise

2 posts

Article

GitHub shipped optional hardening as a control

The GitHub breach follows a documented class of failure. The mechanism is identity issuance separated from validation. The industry chose documentation over enforcement.

Article

How Identity Presentation Without Verification Enabled a Credential Compromise

A breakdown of how the Axios npm credential breach occurred due to identity presentation without technical validation, highlighting systemic risks in open-source infrastructure.