Archive

Research

73 pieces of security research, engineering and field notes.

Latest · security · 13 min read

Tycoon 2FA against Entra ID and Google Workspace: MFA bypass and authentication assumptions under fire

Tycoon 2FA AiTM attacks against Entra ID and Google Workspace show why MFA cannot carry identity assurance alone when session theft, proxy phishing and degraded controls sit in the path after login.

security · 13 min read

OpenClaw's 470 advisories show unauthenticated RCE became a cloud AI platform pattern

OpenClaw's 470 advisories show how cloud AI platforms turn prompt handling, tool calls and host execution into an unauthenticated RCE pattern at scale.

security · 13 min read

Authentication bypass in 2026: access validation keeps failing before critical operations

Authentication bypass keeps recurring because modern applications validate identity at convenient edges, then perform critical operations in layers that no longer know whether access was proven.

security · 13 min read

PCPJack, polyfill CDN and Bright Data SDK show supply chain attacks moving into runtime weaponisation

Supply chain compromise is shifting from static package poisoning towards runtime weaponisation, where trusted code becomes a credential harvester, traffic broker or covert infrastructure node after deployment.

authorization · 13 min read

How five RBAC failure modes bypass object-level authorisation

Five RBAC failure modes show how route checks, UI gating, tenant scope gaps, workflow state and service identity bypass object-level authorisation across APIs.

security · 13 min read

CIFSwitch CVE-2026-46243 and PraisonAI show privilege escalation is an architectural antipattern

CIFSwitch CVE-2026-46243 and PraisonAI show why vertical movement often follows from designs that let low-trust identities shape high-trust operations.

security · 12 min read

Gogs, PraisonAI and KnowledgeDeliver show authentication bypass is a self-hosted platform design failure

Gogs, PraisonAI and KnowledgeDeliver show why authentication bypass in self-hosted platforms is often an architectural failure, not a missing if statement.

security · 13 min read

MCP OAuth token persistence turns AI orchestration into a supply-chain trust boundary

MCP-based AI orchestration moves OAuth tokens, access grants and memory persistence into the same execution path. Credential handling is now the weakest link in the AI supply chain.

security · 13 min read

May 2026 developer-tooling compromises: VS Code extensions, PyPI packages and GitHub Actions turned workstations into supply-chain targets

May 2026 supply-chain compromises showed that poisoned developer tooling now targets the identity and execution layer before code reaches a repository.

security · 12 min read

npm, PyPI and Docker Hub in 2026: developer credentials became supply-chain infrastructure

Credential harvesting against npm, PyPI and Docker Hub has turned developer identity into supply-chain infrastructure, with package registries now functioning as distribution systems for stolen trust.

security · 11 min read

GitHub Actions OIDC and TanStack show why 2026 supply chain attacks target release authority

Supply chain compromise has shifted from stealing credentials to poisoning package ecosystems through compromised CI/CD systems, maintainer accounts and trusted execution paths.

vulnerability · 8 min read

maboloshi/github-chinese PR #692 fixed DOM XSS in translation results

maboloshi/github-chinese inserted third-party translation API responses into GitHub pages as HTML. PR #692 changes that untrusted response handling to text nodes.

vulnerability · 7 min read

RAGFlow PR #14803 removed a CWE-502 pickle RCE footgun from deserialize_b64

RAGFlow's deserialize_b64 helper defaulted to bare pickle.loads behind an unset safety flag. PR #14803 makes RestrictedUnpickler the only path.