Blog

Blog & Insights

In-depth articles on CMS, DevSecOps, process automation, and digital transformation.

Kategorie

Supply Chain Security

npm- und Composer-Lieferketten-Vorfälle, MCP-/AI-Agent-Pakete, Wolfi/apko Build-Pipelines, SBOM, Provenance, signierte Distributionen.

40 Beiträge

ImageMagick CVE-2026-46557 (fx-Stack-Overflow)

Weiterlesen →

GitLab Patch-Release (CVE-2026-6552/10087)

Weiterlesen →

OpenSSL CVE-2026-45447 (PKCS7 UAF)

Weiterlesen →

A hardened, brushed-steel inspection plate on matte dark slate; across the plate runs a fine hairline fault, traced with a single thread of oxblood pigment — the discovered vulnerability and the only saturated colour in the image. Lower left, a fitted walnut case of fine probes and engraver's burins in brass and steel; two of them identical — one with a snug brass guard cap, the other bare beside it. Next to it a slim walnut ruler. Upper right, a raised brass loupe on a walnut block, its lens angled diagonally at the hairline fault. Cool studio key light from the upper left; a faint warm rim light from the lower right warms the walnut. The right edge of the frame fades as slate-grey negative space into near-black for a later title overlay.

Fable 5 / Mythos 5

Weiterlesen →

TYPO3 as a signed OCI artifact

Weiterlesen →

compressing CVE-2026-40931 (patch bypass)

Weiterlesen →

Miasma editor wave (AI coding agents)

Weiterlesen →

IronWorm (Rust npm worm)

Weiterlesen →

binding.gyp npm worm (node-gyp)

Weiterlesen →

FrankenPHP 1.12.4 (underscore-header / Caddy 2.11.4)

Weiterlesen →

VSCode webview escape (github.dev token stealing)

Weiterlesen →

Miasma npm worm (@redhat-cloud-services)

Weiterlesen →

rpmuncompress CVE-2026-44604 (command injection)

Weiterlesen →

Project Lightwell (IBM/Red Hat)

Weiterlesen →

vpmdhaj npm Typosquat (OpenSearch/Elastic)

Weiterlesen →

TinyMCE CVE-2026-47759 (data-mce Bypass)

Weiterlesen →

Overhead still life on a matte dark slate surface, the working table of a routing auditor. At centre, a low circular brushed-brass sorting tray with a thin central bar dividing the tray into two pigeonholes — the left one stamped /public/discovery, the right one stamped /admin/settings, both in monospaced letterpress. Lying across the central bar, a single paper-cream letter: its upper half stamped Host: example.com/.well-known/ protrudes into the /public pigeonhole, while its lower half with the slip path: /admin/settings protrudes into the /admin pigeonhole. On the upper /public half of the letter sits a single deep oxblood wax drop, pressed with a brushed-brass embossing seal as the auth stamp. Lower left, an open linen-bound audit ledger with three monospaced pencil entries, one of them legibly reading scope["path"], beside a paper-cream index card with the monospaced letterpress label CWE-444. Upper right, within the negative space, a brushed-brass embossing stamp with a walnut handle and a second paper-cream index card with the letterpress label Starlette 1.0.1. Cool studio key light from upper left, gentle warm rim light from lower right; the background fades into slate grey and near-black at the right edge, leaving room for a title overlay.

BadHost CVE-2026-48710 (Starlette/MCP)

Weiterlesen →

A fan of five cream policy cards on dark slate labelled MFA, IMMUTABILITY, COOLDOWN, PROVENANCE and POLICY; the front card carries a freshly pressed oxblood wax bead under a walnut-handled brass cipher-stamp, next to an open linen-bound maintainer ledger, a brushed-brass lockbar mechanism and a tilted brass loupe in the background.

Composer 2.10 & Packagist roadmap

Weiterlesen →

Overhead still life on a matte dark slate surface as the working table of a model-provenance auditor: two near-identical paper-cream model manifests, slightly overlapping; the left carries an intact, precisely pressed deep oxblood wax seal with a crisp embossed cipher mark; the right carries a near-identical seal in the same oxblood and form but the embossed cipher mark in its centre has been cleanly lifted out with a fine blade, the surrounding wax undisturbed. A brushed-brass magnifying lens with walnut handle rests diagonally across the seam, the glass placed exactly over the altered seal. A linen-bound provenance ledger with three monospaced SHA abbreviations in pencil, one struck through; a brass embossing stamp and a SHA-256 index card in the right-hand negative space. Cool studio key light from the upper left, faint warm rim light from the lower right; the backdrop fades into slate grey and near-black on the right edge, leaving negative space for a title overlay.

Abliteration Open-Weight Models

Weiterlesen →

Two cream paper envelopes on dark slate, one sealed with an oxblood wax seal, the other opened with a brass key-shaped letter opener, with a brass key-cabinet showing two missing keys in the background.

AI tool install as trap (SEO poisoning)

Weiterlesen →

A still life on a matt, dark slate surface, serving as a duty desk in the cyberbunker: at the centre, a burnished brass-coloured signal bell stands upright on a small stainless-steel base, its clapper pointing upwards. To the left of the bell lies a cream-coloured, wax-sealed run book on the slate surface; on the cover is a small embossed round mark and a freshly applied wax seal in a deep, rich oxblood lacquer — the only saturated colour in the picture — with a walnut-handled brass seal head still resting slightly askew on the wax. To the right of the bell, a cylindrical glass bell covers a simple burnished brass push-button actuator, mounted on a stainless steel base plate: the alarm under glass, untouched. At the bottom left lies a narrow cream-coloured duty roster with a column of illegible pencil abbreviations in hourly intervals, held in place by a brass side clip. At the top right of the negative space, a burnished marine chronometer rests at a slight angle on the slate surface, hands on standby. Cool studio key light from the top left, soft warm rim light from the bottom right; the background fades into slate grey and near-black at the right edge of the frame, leaving space for the title overlay.

Project Glasswing 30 Days

Weiterlesen →

A slim fan of paper-cream skill cards on a warm dark walnut desk; on the front card a freshly set wax pool in deep saturated oxblood lacquer under a walnut-handled brass seal handle. Lower left an open brass-bound cataloguer's ledger, upper right a brass magnifying loupe, along the right edge a soft golden bokeh view of the Mosel valley vineyards.

NVIDIA Verified Agent Skills

Weiterlesen →

Walnut-and-brass archive box with cream address-cards on matte slate; one card lifted halfway out, a substituted card with an identical embossed mark inserted in its place, brass tweezers gripping the substitution — a hidden oxblood wax seal on the back of the substituted card.

Twin Composer Incident on 22 May 2026 — Laravel-Lang Tag Injection (Aikido) and Postinstall Wave in 8 Composer Packages + 700+ GitHub Repositories (Socket)

Weiterlesen →

Walnuss-und-Messing-Karteischrank-Auszug mit cremefarbenen Karteikarten auf mattem Schiefer; sieben Karten mit oxblutroten Wachsfäden untereinander verbunden, eine halbherausgezogen mit gespannten Verbindungsfäden.

Shai-Hulud @antv-Welle (19.05.)

Weiterlesen →

Kontakt

Let's talk.

30 minutes, no pitch. We'll analyse your situation.

Beratung buchen →