software integrity
2 posts
Article
Identity Continuity Failure in WordPress Plugin Supply Chain Compromise
A set of 30 WordPress plugins contained identical backdoors with synchronized timestamps and shared obfuscation patterns. The failure stemmed from a lack of identity continuity enforcement across the software lifecycle, which allowed coordinated malicious uploads to go undetected.
Article
How Trust in Open-Source Updates Becomes a Systemic Failure Mode
A structural analysis of how trust in open-source updates becomes exploitable when systems assume past safety implies future safety, using the Trivy compromise as a case study.