Blog.
Release notes, architecture writeups, and post-mortems from the Santh toolchain.
Seven flaws in the Securly content-filtering extension.
A review of v3.0.7 of the Securly Chrome extension, used on K-12 Chromebooks, found seven issues: plaintext-HTTP config, hardcoded AES keys, MD5/SHA-1 hashing, a Caesar-cipher "access control", and an undeclared content script. Coordinated by CERT/CC as VU#595768.
2026-06-03 - CVE-2026-8874, -8876, -8878, -8879, -8881, -8888, -8889.
Meet keyhog: a GPU-accelerated, open-source secret scanner.
Open-source secret scanner in Rust. SIMD on the CPU, an Aho-Corasick automaton on the GPU, live verification of which leaked keys are still active, and SARIF + JSON + TUI output.
2026-05-28 - What keyhog catches, how it stays accurate, and how to drop it into CI.
Pre-authentication session fixation in Vaultwarden SSO.
Vaultwarden's OpenID Connect SSO flow was not bound to the browser that started it, allowing account takeover of any SSO user who completes a login. The flaw, the exploit, and the 1.36.0 fix.
2026-05-19 - CVE-2026-47158, CVSS 8.3.