security
2 posts
Article
Back Button Hijacking Is Not a Bug - It's a Trust Boundary Failure
Back button hijacking isn't a bug; it's a trust boundary failure. When client-side state persists after logout, authenticated content remains accessible without server-side validation. This is not browser behavior; it's a design flaw in access control enforcement.
Article
Your npm install Just Ran Someone Else's Code
Supply chain security is not a dependency problem. It is a trust delegation problem. And the system was never designed to handle the weight.