CVE-2025-48384: Breaking git with a carriage return and cloning RCE

tl;dr: On Unix-like platforms, running git clone --recursive on an untrusted repo can result in remote code execution. Update to a fixed version of Git and other software that embeds Git (including GitHub Desktop).

Blink and you'll miss it — a URL handler surprise

Blink, the mobile shell for iOS, had a URL handler that handled more than expected.

Using HAProxy to protect me from scrapers

A simple anti-scraper solution for HAProxy. The goal is to be as simple as possible, so this can be implemented alongside other HAProxy rules to control traffic.

Déjà vu: Ghostly CVEs in my terminal title

Exploring a security bug in Ghostty that is eerily familiar.

ANSI Terminal security in 2023 and finding 10 CVEs

A paper detailing how unescaped output to a terminal could result in unexpected code execution, on many terminal emulators. This research found around 10 CVEs in terminal emulators across common client platforms.

NAT-Again: IRC NAT helper flaws

A Linux kernel bug allows unencrypted NAT'd IRC sessions to be abused to access resources behind NAT, or drop connections. Switch to TLS right now. Or read on.

Vim blowfish encryption

...or why you shouldn't roll your own crypto