📰 security

AI fakers exposed in tech dev recruitment: postmortem

A full-remote security startup nearly hired a backend engineer who doesn’t exist, after a candidate used an AI filter as an on-screen disguise in video interviews. Learnings for tech companies

weeklyfoo #76 / 2025-03-17
recruitment, ai, security

Bypassing airport security via SQL injection

This is so wild.

weeklyfoo #48 / 2024-09-02
security, airports

Cascading Spy Sheets

Exploiting the Complexity of Modern CSS for Email and Browser Fingerprinting

weeklyfoo #69 / 2025-01-27
css, security

CORS is Stupid

In praise of not relying on everything by default. Essentially, it means: think for yourself!

weeklyfoo #48 / 2024-09-02
security, cors

GitHub MCP Exploited

Accessing private repositories via MCP

weeklyfoo #87 / 2025-06-02
mcp, github, security

Google OAuth is broken (sort of)

This is a fascinating outline of several Google OAuth issues.

weeklyfoo #12 / 2023-12-24
security, google, oauth

How to Harden GitHub Actions: The Unofficial Guide

Build resilient GitHub Actions workflows with lessons from recent attacks.

weeklyfoo #84 / 2025-05-12
github, security

How we Rooted Copilot

Microsoft has silently pushed an update back in April 2025 for Copilot Enterprise, enabling a live Python sandbox running Jupyter Notebook that can execute code in the backend.

weeklyfoo #96 / 2025-08-04
copilot, security

Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar

Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.

weeklyfoo #69 / 2025-01-27
security, npm

MCP Vulnerabilities Every Developer Should Know

This post covers the biggest risks (with real examples) and how to think about MCP securely.

weeklyfoo #98 / 2025-08-18
security, ai, mcp

Nightmares on npm: How Two Malicious Packages Facilitate Data Theft and Destruction

Our threat research team breaks down two malicious npm packages designed to exploit developer trust, steal your data, and destroy data on your machine.

weeklyfoo #54 / 2024-10-14
security, npm

npm Adopts OIDC for Trusted Publishing in CI/CD Workflows

npm now supports Trusted Publishing with OIDC, enabling secure package publishing directly from CI/CD workflows without relying on long-lived tokens.

weeklyfoo #99 / 2025-08-25
npm, oidc, security

npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack

npm author Qix’s account was compromised, with malicious versions of popular packages like chalk-template, color-convert, and strip-ansi published.

weeklyfoo #102 / 2025-09-15
security, npm

Open Source is one person

Includes some graphs and insights.

weeklyfoo #100 / 2025-09-01
oss, security

Poison everywhere: No output from your MCP server is safe

Never blindly use any MCP server!

weeklyfoo #89 / 2025-06-16
mcp, security

Polyfill supply chain attack hits 100K+ sites

The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites.

weeklyfoo #39 / 2024-07-01
security

Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages

A malicious update to @ctrl/tinycolor on npm is part of a supply-chain attack hitting 40+ packages across maintainers.

weeklyfoo #103 / 2025-09-22
supply-chain, security

Principles for coding securely with LLMs

Writing code with LLMs is fundamentally different from other ways of programming. LLMs are often non-deterministic and always unpredictable. They have a capability that no other technology can match: the ability to interface with natural language. What does that mean for security?

weeklyfoo #81 / 2025-04-21
ai, security

Seriously, stop using RSA

Use DSA or ECC instead!

weeklyfoo #52 / 2024-09-30
security

The Internet Archive is under attack, with a breach revealing info for 31 million accounts

A pop-up message said the online archive has suffered ‘a catastrophic security breach,’ as its operators say the site has been DDoS’d for days.

weeklyfoo #54 / 2024-10-14
breach, security

The Pitfalls of In-App Browsers

Privacy and security concerns in particular are a big issue with in-app browsers.

weeklyfoo #42 / 2024-07-22
security

Whose code am I running in GitHub Actions?

A week ago, somebody added malicious code to the tj-actions/changed-files GitHub Action. If you used the compromised action, it would leak secrets to your build log. Those build logs are public for public repositories, so anybody could see your secrets. Scary!

weeklyfoo #78 / 2025-03-31
github, security, actions