Archive

Research

64 pieces of security research, engineering and field notes.

When a GitHub Action rewrites its own history
security6 min read

When a GitHub Action rewrites its own history

A compromised GitHub Action silently rewrote every version tag to point at a single malicious commit - exposing secrets across 23,000 repositories in the process.

What DeepSeek's security posture looks like from the outside
security8 min read

What DeepSeek's security posture looks like from the outside

DeepSeek matched OpenAI at a fraction of the cost. The security shortcuts it took to get there were just as cheap.

Phobos ransomware impersonated vx-underground: ransom notes, file extensions and all
ransomware5 min read

Phobos ransomware impersonated vx-underground: ransom notes, file extensions and all

Phobos ransomware dressed itself up as Vx-Underground - ransom notes, file extensions and all. Here's what the impersonation looked like under the hood.