Security
Cybersecurity, cryptography, and security practices
AES: The Encryption Standard That Protects Almost Everything
AES is the symmetric block cipher standardized by NIST in 2001, operating on 128-bit blocks with 128/192/256-bit keys — used in disk encryption, TLS, and CSPRNGs.
CSPRNGs: Why Cryptographically Secure Random Numbers Are Essential for Security
Cryptographically Secure Pseudo-Random Number Generators (CSPRNGs) produce output that is computationally indistinguishable from true randomness — meaning an attacker cannot predict future outputs even with knowledge of past outputs. Standard PRNGs (Math.random(), rand()) are deterministic and reversible. CSPRNGs use entropy from hardware sources (timing jitter, thermal noise) and cryptographic algorithms to produce unpredictable output. Always use CSPRNGs for tokens, keys, session IDs, and any security-sensitive value.
Privilege Escalation: When Attackers Climb the Access Ladder
Privilege escalation is an attack in which a user gains access beyond their authorization, either vertical (user→admin) or horizontal (user→other user); it is a fundamental vulnerability class.
ISO 27001: The International Standard for Information Security Management
ISO 27001 is the international certification framework for information security management systems, requiring risk assessment, 93 security controls, and continuous improvement.
Software Supply Chain Attacks: How Dependencies Become Attack Vectors
Software supply chain attacks compromise a software package or build system so that every application depending on it is automatically infected. The attack surface is enormous: a typical web application has hundreds to thousands of transitive dependencies, each one a trust relationship. Notable examples: SolarWinds (2020, compromised build system infected 18,000 organizations), event-stream (2018, NPM package maintainer handed off to attacker), and LiteLLM (2026, GitHub account takeover affecting 97M monthly downloads).
Salt Typhoon SD-WAN Attack: Zero-Day Plus Firmware Downgrade Chain by Chinese State APT
Cisco Talos disclosed in February 2026 that Chinese state-sponsored actor UAT-8616 (Salt Typhoon/RedMike) exploited a CVSS 10.0 zero-day in Cisco Catalyst SD-WAN (CVE-2026-20127) to join victim networks as a fake branch, performed a firmware downgrade to reintroduce a 2022 vulnerability (CVE-2022-20775) for root escalation, then re-upgraded the firmware to hide forensic evidence. The campaign ran for at least three years before detection.
LiteLLM Supply Chain Attack: 97 Million Monthly Downloads Compromised via GitHub Account Takeover
In early 2026, LiteLLM — a Python package downloaded 97 million times per month — was compromised when attackers took over the GitHub owner's account and pushed version 1.82.8 containing credential-stealing malware. The malicious code hijacked Python's .pth startup mechanism to exfiltrate SSH keys, cloud credentials, crypto wallets, and database passwords from every infected machine. The incident exposed multiple systemic failures: transitive dependency risk, AI-generated bot spam suppressing the vulnerability report, and meaningless compliance badges from a provider accused of faking reports.