Blog
Security analyses, DevSecOps, TYPO3 & Kubernetes — and, in between, personal notes from life as a caregiving father. Posts in the “Personal” category are exactly that.
Blog
All posts22.05.2026→11.05.2026→11.05.2026→11.05.2026→11.05.2026→23.04.2026→23.05.2026→13.06.2026→22.05.2026→11.05.2026→11.05.2026→23.05.2026→
BIND 9 resolver loop (CVE-2026-5950)
Article 50 gets concrete — the European Commission publishes its transparency guidelines for the AI Act and gives you 26 days to weigh in
Databases in BSI's blueprint: what the new practical guide changes operationally for relational, NoSQL and containerised systems
Apache HTTP/2 CVE-2026-23918: when two frames topple the webserver pool — what 2.4.67 actually changes
Symfony Process CVE-2026-24739
When your own password manager becomes a supply-chain risk: the Bitwarden CLI incident of 22 April 2026
Post-Quantum Security Is Not a Future Problem — RFC 9964, ML-DSA and What I Already Run in Production
Multi-agent illusion
Symfony Webhook HMAC Follow-up
The second LiteLLM flaw in 14 days: CVE-2026-42203 (Jinja2 SSTI in /prompts/test) and why proxy endpoints behind API keys are not the end of the story
When the image builder accepts the wrong letter: three flaws in apko (CVE-2026-42574 / -42575 / -42576) and what Wolfi build pipelines need today
Twin Composer Incident on 22 May 2026 — Laravel-Lang Tag Injection (Aikido) and Postinstall Wave in 8 Composer Packages + 700+ GitHub Repositories (Socket)