@jacobalcock

Jacob Alcock

@jacobalcock

Building software and finding the holes in it.

Joined November 2025

About

Nothing here yet.

Available for

Nothing here yet.

Jacob Alcock's blogs

Jacob Alcock - Security & Developmentblog.jacobalcock.co.uk10 posts

Articles Threads Comments

Recently published

blog.jacobalcock.co.uk

Dependency Confusion Attacks: How Package Names Steal Your Code

Dependency confusion attacks happen because package managers default to checking public registries, even when you're using private packages. Attackers upload malicious code with internal package names. Your CI/CD pulls and executes attacker code. The...

Jan 65 min read

blog.jacobalcock.co.uk

Critical Vulnerability in React Server Components (CVE-2025-55182)

UPDATE: December 3, 2025 - A critical pre-authentication Remote Code Execution (RCE) vulnerability has been disclosed in React Server Components. This is a CVSS 10.0 vulnerability. If you're running Next.js 15.x, 16.x, or React 19.x in production, st...

Dec 3, 20257 min read

blog.jacobalcock.co.uk

Cloud Costs Are Destroying Startup Margins

AWS bills that exceed engineering salaries are normal now. Startups with 100,000 users paying $50,000/month for infrastructure that could run on a $200/month dedicated server. Cloud infrastructure is convenient. It's also absurdly expensive once you ...

Nov 29, 20255 min read

blog.jacobalcock.co.uk

When Cloudflare and GitHub Go Down on the Same Day: The Internet's Fragile Foundation

November 18, 2025: Cloudflare goes down at 7am ET. X, ChatGPT, Spotify, Zoom, and thousands of other sites become unreachable. 20% of the internet stops working. Four hours later, Cloudflare comes back up. Then GitHub goes down. Git operations fail g...

Nov 20, 20258 min read

blog.jacobalcock.co.uk

AI Code Review Tools Are Making Code Worse

AI code review tools promise to catch bugs before they hit production. In practice, they're creating a false sense of security while making it easier to ship bad code. The problem isn't that AI code review doesn't work at all. It's that it works just...

Nov 14, 20256 min read

Jacob Alcock

About

Available for

Jacob Alcock's blogs

Recently published

Dependency Confusion Attacks: How Package Names Steal Your Code

Critical Vulnerability in React Server Components (CVE-2025-55182)

Cloud Costs Are Destroying Startup Margins

When Cloudflare and GitHub Go Down on the Same Day: The Internet's Fragile Foundation

AI Code Review Tools Are Making Code Worse

Search Hashnode

Jacob Alcock

About

Available for

Jacob Alcock's blogs

Recently published

Dependency Confusion Attacks: How Package Names Steal Your Code

Critical Vulnerability in React Server Components (CVE-2025-55182)

Cloud Costs Are Destroying Startup Margins

When Cloudflare and GitHub Go Down on the Same Day: The Internet's Fragile Foundation

AI Code Review Tools Are Making Code Worse