
📰 security

AI fakers exposed in tech dev recruitment: postmortem

A full-remote security startup nearly hired a backend engineer who doesn’t exist, after a candidate used an AI filter as an on-screen disguise in video interviews. Learnings for tech companies

weeklyfoo #76 / 2025-03-17
recruitment, ai, security

Bypassing airport security via SQL injection

This is so wild.

weeklyfoo #48 / 2024-09-02
security, airports

Cascading Spy Sheets

Exploiting the Complexity of Modern CSS for Email and Browser Fingerprinting

weeklyfoo #69 / 2025-01-27
css, security

CORS is Stupid

Praise for the principle that you shouldn’t rely on defaults for everything. Essentially, it means: think for yourself!

weeklyfoo #48 / 2024-09-02
security, cors

Google OAuth is broken (sort of)

This is a fascinating outline of some Google OAuth issues.

weeklyfoo #12 / 2023-12-24
security, google, oauth

Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar

Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.

weeklyfoo #69 / 2025-01-27
security, npm

Nightmares on npm: How Two Malicious Packages Facilitate Data Theft and Destruction

Our threat research team breaks down two malicious npm packages designed to exploit developer trust, steal your data, and destroy data on your machine.

weeklyfoo #54 / 2024-10-14
security, npm

Polyfill supply chain attack hits 100K+ sites

The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites.

weeklyfoo #39 / 2024-07-01
security

Principles for coding securely with LLMs

Writing code with LLMs is fundamentally different from other ways of programming. LLMs are often non-deterministic and always unpredictable. They have a capability that no other technology can match: the ability to interface with natural language. What does that mean for security?

weeklyfoo #81 / 2025-04-21
ai, security

Seriously, stop using RSA

Use DSA or ECC instead!

weeklyfoo #52 / 2024-09-30
security

The Internet Archive is under attack, with a breach revealing info for 31 million accounts

A pop-up message said the online archive has suffered ‘a catastrophic security breach,’ as its operators say the site has been DDoS’d for days.

weeklyfoo #54 / 2024-10-14
breach, security

The Pitfalls of In-App Browsers

Privacy and security concerns in particular are a big issue with in-app browsers.

weeklyfoo #42 / 2024-07-22
security

Whose code am I running in GitHub Actions?

A week ago, somebody added malicious code to the tj-actions/changed-files GitHub Action. If you used the compromised action, it would leak secrets to your build log. Those build logs are public for public repositories, so anybody could see your secrets. Scary!

weeklyfoo #78 / 2025-03-31
github, security, actions