Security - Sébastien Dubois

Attacker puppeteering malicious packages behind a hallucinated install command

Blog

Slopsquatting, Typosquatting, and the New Software Supply Chain Attacks: How AI and Vibe Coding Are Making Package Registries Even More Dangerous

AI coding tools hallucinate fake package names. Attackers register them. You install malware. Here's how slopsquatting works and what you can do about it.

Giving an AI agent access to your browser is risky: VPS tunnels into your Chrome

Blog

How to Give Your AI Agent Access to Your Chrome Browser (And Why You Should Be Scared)

Giving your AI agent access to your browser is like handing over your keys. Here's how to do it without losing everything.

Barbed wire fence against the sky, evoking the need for strict input validation as a security barrier

Blog

How to implement input validation with NestJS

Learn how to validate incoming data with NestJS

Tangle of padlocks on a Paris bridge, a metaphor for layered authorization and access control

Blog

Authorization best practices

Authorization best practices to improve the security of your applications

Love padlocks clipped to a Paris bridge, evoking trust and secure connections

Blog

Deploying TLS certificates for local development and production using Kubernetes, cert-manager, mkcert and Let’s Encrypt

How to deploy TLS certificates for local development and production using Kubernetes, cert-manager, mkcert and Let’s Encrypt

Slopsquatting, Typosquatting, and the New Software Supply Chain Attacks: How AI and Vibe Coding Are Making Package Registries Even More Dangerous

How to Give Your AI Agent Access to Your Chrome Browser (And Why You Should Be Scared)

DeveloPassion's Newsletter - Less is more

How to implement input validation with NestJS

Authorization best practices

Deploying TLS certificates for local development and production using Kubernetes, cert-manager, mkcert and Let’s Encrypt

Free: Knowledge System Checklist