open source security
4 posts
Article
What a $5 VPS honeypot taught me
An open-source honeypot probe database queryable via curl, HTTP, and MCP - what it catches, why it helps small defenders, and where the risks actually sit.
Article
Torvalds declares Linux security list unmanageable
Linus Torvalds says AI bug hunters have made the Linux security list unmanageable. An operator read on what failed at the intake boundary.
Article
How Identity Presentation Without Verification Enabled a Credential Compromise
A breakdown of how the Axios npm credential breach occurred due to identity presentation without technical validation, highlighting systemic risks in open-source infrastructure.
Article
The Real Failure in the axios npm Compromise Wasn't Code - It Was Trust
The axios@1.141 and axios@0.304 npm compromise was not a code flaw - it was a failure in trust validation. Credential theft enabled persistent supply chain poisoning because MFA and session verification were not enforced at every publish event.