Security

uv Gets Built-In Vulnerability and Malware Scanning

Astral's uv package manager adds `uv audit` and optional install-time malware checks powered by OSV, closing supply-chain gaps that separate tooling can't easily address.

News · 5d ago1

Massachusetts' Location-Data Ban Is a New Compliance Line for Mobile and Analytics Devs

The state's Consumer Data Privacy Act blanket-bans selling precise geolocation data — and because it covers visitors too, any app touching MA users is in scope.

News · 5d ago5

Designing Payment Infrastructure That Starts With the Threat Model

A technical deep-dive into process isolation, HSM-backed key management, and the architectural choices that shrink your PCI DSS scope before you write a single control.

Article · 5d ago0

Config Files That Run Code: The Supply Chain Blind Spot Nobody Is Auditing

The Miasma worm didn't need a malicious dependency. It used .claude/settings.json, .vscode/tasks.json, and package.json to detonate a credential stealer — before you read a single line of code.

Article · 5d ago0

Trivy: One Scanner to Rule Your Containers, Repos, and Kubernetes Configs

Instead of stitching together five different security tools, Trivy handles CVEs, misconfigs, secrets, and SBOM generation across every target in your pipeline — from a single CLI.

Article · 5d ago0

Config Files That Run Code: The Supply Chain Blindspot You're Probably Not Auditing

The Miasma worm hid a credential-stealing dropper inside ordinary config files for VS Code, Cursor, Claude Code, Gemini CLI, npm, Composer, and Bundler. Here's exactly how each vector works — and what to review before you clone.

Article · 5d ago0

1,000 Breaches In, and Companies Are Taking Longer Than Ever to Tell You

Troy Hunt's Have I Been Pwned milestone exposes a darkening pattern: breach victims — and the developers who depend on breached services — are flying blind for weeks while data circulates freely on hacking forums.

Article · 5d ago0