Series

Security Research

Technical security write-ups covering malware, abuse, impersonation, supply-chain risks, and real-world trust boundary failures.

Binance Fixed the IP Whitelist Gap. The Disclosure Process Is Still Broken.
I reported the listenKey issue in December 2024. Thirteen days of recent supply-chain findings pushed me to re-test it — and the vulnerability now appears closed after being rejected as “Social Engineering.”
May 5, 202611 min read184
The PyPI Package Was Clean. That Was the Problem.
A near-identical clone of my Binance WebSocket library had no payload — but it spoofed identity, shadowed the import path, linked to a 404 repo, and came from the same account as pybotnet.
May 5, 202613 min read20
I had a fake job interview. It was a malware delivery chain.
A fake recruiter tried to turn VSCode workspace trust into silent code execution. Here is the attack chain, the infrastructure, and the IOCs.
Apr 29, 202617 min read97
From a coffee-in-bed Google search to a StealC-linked campaign — the story behind nailproxy.space
How 19 fake GitHub repositories across 17 accounts led from a Python dropper to a StealC-linked payload chain.
Apr 23, 202616 min read246
nailproxy.space: A Multi-Repository GitHub Malware Campaign
Update (2026-04-22, 13:33): I submitted this case to GitHub Support for campaign-level review. Ticket ID: 4313391. Further update (2026-04-23): I published a deeper technical follow-up covering the
Apr 22, 20269 min read165
Security Warning: Fraudulent GitHub Repository Impersonating UNICORN Binance WebSocket API
Update (2026-04-22): Further analysis indicates that this fraudulent repository is likely one lure within a broader GitHub malware campaign.Across the currently confirmed set, multiple repositories sh
Apr 22, 202611 min read74

Command Palette