Pin Actions to SHAs

gh-actions-lockfile generates a lockfile that pins actions — including transitive dependencies — to exact commit SHAs with integrity hashes, enabling verification and auditability via a GitHub Action or CLI.

Agent Skills: Reusable automation for Codex

Skills package instructions and optional assets so Codex can perform specific workflows; they can be invoked explicitly or picked automatically when relevant.

GotaTun — WireGuard Rebuilt in Rust

Mullvad released GotaTun, a Rust implementation of WireGuard, to Android, removing wireguard-go crashes, improving stability, and adding privacy features like DAITA and Multihop.

Fuzzy Canary

A lightweight tool that injects invisible 'canary' links into your HTML to trigger scrapers' content safeguards. Install via npm and prefer server-side injection so non-JS scrapers still see it.

FreeBSD RCE: ND6 Router Advertisements Exploit

A critical vulnerability (CVE-2025-14558) in FreeBSD's rtsold and rtsol programs allows remote code execution via unvalidated IPv6 router advertisement messages on the same network segment.

From SSRF to RCE: A 7-Step Chain Against PostHog

A deep dive into how overlooked validations, a SQL escaping bug, and static credentials turned a simple webhook into a full system compromise.

Docker Hardened Images: Secure by Default, Free for All

A new industry standard with guaranteed patching, minimal attack surface, and full transparency—available at zero cost.

8 Million Users’ AI Conversations Sold by ‘Privacy’ Extensions

Urban VPN Proxy and sibling extensions silently harvested and monetized intimate AI chat data for months.

Hakrawler Tutorial: Fast Web Crawler for Bug Bounty

Whether you're interested in penetration testing, OSINT, or bug bounty, this quick and easy Golang-based crawler is an essential addition to your recon toolbox. On a newly configured Ubuntu ARM64 virtual machine, we will install Hakrawler, run practical examples, and learn how to use it efficiently. Setup "

ToolHive Tutorial: Securely Deploy and Manage MCP Servers

In this blog, we're delving into ToolHive, a small tool that makes managing and deploying MCP servers remarkably simple and safe. ToolHive transforms your development process by integrating container security and configuration automation, regardless of whether you're using Cursor, GitHub Copilot, or other tools. Let'

Secure Your Kubernetes Access with kubectl-rexec Plugin

Have you ever hopped inside a pod and swiftly debugged something using kubectl exec? It's useful, but it has a big flaw: there is no audit trail. Kubectl-rexec can help with that. The Kubectl exec Issue When you're running: kubectl exec -it mypod -- bash You&

ProxyBlob: Create SOCKS Proxy via Azure Blob Storage

Have you ever been in an environment where direct network access is blocked, but cloud services like Azure Blob Storage are still reachable? What if I told you that you could tunnel your internet traffic through those blob storage endpoints? That’s exactly what ProxyBlob does. In this post, I’