Tag
Open-sourced yao-websecurity-skill, an AI-based website security audit skill. It includes 275 security checks, supports static and dynamic audit modes, and automatically generates security scoring reports to help developers discover and fix security risks.
A web tool experiment demonstrating how to handle Content Security Policy errors in sandboxed iframes by intercepting fetch requests and prompting users to whitelist domains. The tool was built using GPT-5.5 via the Codex desktop app.
The author explains that their blog is blocking requests from old or suspicious browser user agents to mitigate a surge in high-volume crawlers, likely for LLM training data. Specific instructions are provided for users of Vivaldi and Inoreader to adjust settings or report issues.
This article details the discovery and disclosure of CVE-2025-5518 (React2Shell), a critical remote code execution vulnerability in React Server Components, explaining how researchers bypassed Flight protocol validations to access object prototypes.
Datasette PR #2689 replaces token-based CSRF protection with Sec-Fetch-Site header-based protection, inspired by Go 1.25 and Filippo Valsorda's research, simplifying CSRF handling by eliminating the need for hidden form tokens.