https://dariusjdavis.com/field-notes/ Opinionated security notes from Darius J. Davis. CVE breakdowns, supply chain analysis, and honest takes on the state of security. en-us Wed, 03 Jun 2026 09:30:38 GMT https://dariusjdavis.com/field-notes/the-hacking-myth/ https://dariusjdavis.com/field-notes/the-hacking-myth/ Mon, 01 Jun 2026 12:00:00 GMT Opinion The industry loves the word 'hack.' The reality is most incidents are default credentials, unpatched systems, and misconfigurations that sat there for months. https://dariusjdavis.com/field-notes/redis-13-year-rce/ https://dariusjdavis.com/field-notes/redis-13-year-rce/ Sun, 31 May 2026 12:00:00 GMT CVE A use-after-free in Redis's Lua scripting engine has been present since 2012. CVSS 10. If you run Redis, you're probably affected. https://dariusjdavis.com/field-notes/cve-2026-ai-agent-database/ https://dariusjdavis.com/field-notes/cve-2026-ai-agent-database/ Fri, 29 May 2026 12:00:00 GMT CVE / AI Security An LLM agent with notebook access exploited a misconfigured database in under an hour. No human attacker involved, just an agent doing what it was told. https://dariusjdavis.com/field-notes/npm-supply-chain-160-packages/ https://dariusjdavis.com/field-notes/npm-supply-chain-160-packages/ Thu, 28 May 2026 12:00:00 GMT Supply Chain Attackers hijacked a maintainer token and pushed malicious code to 160+ npm packages. Every project with auto-update pulled it in automatically. https://dariusjdavis.com/field-notes/xz-utils-backdoor/ https://dariusjdavis.com/field-notes/xz-utils-backdoor/ Fri, 29 Mar 2024 12:00:00 GMT Supply Chain A maintainer spent two years earning trust in an open-source project just to slip a backdoor into the build process. This wasn't hacking. This was patience.