https://dariusjdavis.com/blog/ Opinionated security notes from Darius J. Davis. CVE breakdowns, supply chain analysis, and honest takes on the state of security. en-us Sun, 07 Jun 2026 08:10:14 GMT https://dariusjdavis.com/blog/the-hacking-myth/ https://dariusjdavis.com/blog/the-hacking-myth/ Mon, 01 Jun 2026 12:00:00 GMT Opinion The world loves the word 'hack.' The reality is that the biggest threat to any organization is the people inside it. Phishing, insider threats, default passwords, leaked credentials, or just someone holding the door open for a stranger. https://dariusjdavis.com/blog/redis-13-year-rce/ https://dariusjdavis.com/blog/redis-13-year-rce/ Sun, 31 May 2026 12:00:00 GMT CVE A use-after-free in Redis's Lua scripting engine has been sitting there since 2012. CVSS 10. If you run Redis, you're probably affected. Nobody noticed for over a decade. https://dariusjdavis.com/blog/cve-2026-ai-agent-database/ https://dariusjdavis.com/blog/cve-2026-ai-agent-database/ Fri, 29 May 2026 12:00:00 GMT CVE / AI Security An LLM agent with notebook access exploited a misconfigured database in under an hour. No human attacker involved, just an agent doing what it was told. https://dariusjdavis.com/blog/npm-supply-chain-160-packages/ https://dariusjdavis.com/blog/npm-supply-chain-160-packages/ Thu, 28 May 2026 12:00:00 GMT Supply Chain Attackers hijacked a maintainer token and pushed malicious code to 160+ npm packages. Every project with auto-update pulled it in automatically. The 'hack' was npm doing what it was designed to do. https://dariusjdavis.com/blog/xz-utils-backdoor/ https://dariusjdavis.com/blog/xz-utils-backdoor/ Fri, 29 Mar 2024 12:00:00 GMT Supply Chain A maintainer spent two years earning trust in an open-source project to slip a backdoor into the build process. This wasn't a technical exploit. It was social engineering with a very long fuse.