3d ago · 4 min read · In February 2026, security researcher Jamieson O'Reilly published an experiment that broke ClawHub's trust model wide open. He created a backdoored skill, used bots to inflate its download count to 4,000+, and made it the #1 most downloaded skill on ...
Mar 26 · 9 min read · The Moment Someone Finally Explained Containers to Me When IBM acquired Red Hat, my world changed overnight. Suddenly everyone around me was talking about containers. Kubernetes. Pods. Orchestration.
Mar 24 · 7 min read · You find a Claude Code skill on X. Someone you follow shared it, it solves a real problem, and installing it takes ten seconds. You pull the repo, the agent picks it up, and you're back to work. What
Mar 24 · 5 min read · Originally published at https://www.vaines.org/posts/2026-03-24-the-comforting-lie-of-sha-pinning/ In March 2026, Trivy became the latest reminder that software supply chains are, at best, loosely held together with convention and trust. A typosquat...
Mar 22 · 7 min read · Agent Tooling Supply Chain Security: OWASP Agentic Top 10 and the pentagi Threat Model Two things happened in the same week. Trivy, the most popular container vulnerability scanner, got its GitHub Actions workflow compromised through a supply chain a...
Mar 22 · 4 min read · The aquasecurity/trivy ecosystem got hit this week. Supply chain compromise - a tool that 50,000+ organizations rely on for vulnerability scanning had its own supply chain briefly weaponized. The irony isn't lost on anyone. 65 points on Hacker News, ...
Mar 3 · 5 min read · Dependency Management and Security Scanning The average JavaScript project has 200+ transitive dependencies. The average Python project has 50+. Every one of them is attack surface. Supply chain attacks — compromising a widely-used package to inject ...
Mar 1 · 4 min read · What Happened A popular Chrome extension called QuickLens — Search Screen with Google Lens has been removed from the Chrome Web Store after being compromised to push malware via ClickFix social engineering attacks and steal cryptocurrency from thousa...