Every few months, a new npm package gets hijacked, ships malware to anyone who runs npm install, and the cycle repeats. The October 2021 ua-parser-js compromise. The 2022 node-ipc protestware. The recurring typosquats. The maintainer accounts taken over via phishing or expired domains. The reaction on r/programming is always the same: no way to prevent thi...
Timers are one of those things every React developer writes by hand the first ten times and gets wrong on at least six of them. The pattern looks simple: call setTimeout in a useEffect, return a cleanup function, ship it. Then a code review finds the stale closur...
Most people do not have a skill discovery problem for very long.
After a few days with Claude Code, Codex, Cursor, or other agent tools, the problem changes.
You find a few useful skills on GitHub. You install some. You bookmark others. Then your setup turns into a pile of disconnected commands, repos, and half-remembered SKILL.md files.
That is where I star...
Let me ask you something.
When was the last time your vulnerability scanner flagged an EOL runtime?
Not a CVE. Not a known exploit. Just — "hey, this runtime has been end-of-life for 383 days and will never receive another security patch."
If your answer is never, you're not alone. And that's exactly the problem.
The sec...
After recently transitioning into my first cybersecurity role, I'm continuing my practical skills development through hands-on labs. This writeup documents my approach to completing the Exploitation CTF, which focuses on vulnerability identification, exploit modification, and privilege escalation techniques.
Challenge Objectives:
I recently soft-launched a side project called Startup Graveyard.
The idea is simple: a place to browse failed startups, learn what went wrong, and pull lessons from their mistakes.
You can check it out here:
https://www.startupgraveyard.co
I ha...