https://nefariousplan.com/ 2026-05-25T15:39:15.656Z weekly 1 https://nefariousplan.com/about 2026-05-25T15:39:15.656Z yearly 0.5 https://nefariousplan.com/for-hire 2026-05-25T15:39:15.656Z yearly 0.6 https://nefariousplan.com/pgp 2026-05-25T15:39:15.656Z yearly 0.4 https://nefariousplan.com/patterns 2026-05-25T15:39:15.656Z weekly 0.8 https://nefariousplan.com/posts/protobufjs-cve-2026-41242-type-name-was-javascript 2026-05-24T17:10:49.142Z yearly 0.7 https://nefariousplan.com/posts/mattermost-cve-2025-25279-fileid-was-never-an-id 2026-05-22T17:03:11.142Z yearly 0.7 https://nefariousplan.com/posts/divi-form-builder-cve-2026-5118-administrator-existed 2026-05-21T14:55:59.219Z yearly 0.7 https://nefariousplan.com/posts/drupal-cve-2026-9082-the-comment-said-values 2026-05-21T07:35:46.564Z yearly 0.7 https://nefariousplan.com/posts/cve-2010-0249-kev-deadline-is-a-census 2026-05-20T19:05:12.705Z yearly 0.7 https://nefariousplan.com/posts/n8n-git-cve-2026-21877-helper-was-already-there 2026-05-19T17:02:44.175Z yearly 0.7 https://nefariousplan.com/posts/graphql-ruby-cve-2025-27407-loaded-the-schema-by-compiling-it 2026-05-18T17:13:25.043Z yearly 0.7 https://nefariousplan.com/posts/handlebars-cve-2026-33937-trusts-its-own-ast 2026-05-16T17:14:41.424Z yearly 0.7 https://nefariousplan.com/posts/cisco-cve-2026-20182-the-exploit-is-a-bitcoin-address 2026-05-15T19:06:01.237Z yearly 0.7 https://nefariousplan.com/posts/exchange-cve-2026-42897-mitigation-invisible-to-health-checker 2026-05-15T18:58:41.626Z yearly 0.7 https://nefariousplan.com/posts/nginx-cve-2026-42945-the-other-half-of-the-2012-patch 2026-05-15T18:24:54.589Z yearly 0.7 https://nefariousplan.com/posts/ninja-forms-cve-2026-0740-two-patches 2026-05-15T17:04:25.024Z yearly 0.7 https://nefariousplan.com/posts/llama-cpp-cve-2026-34159-deserializer-three-cves-have-not-patched 2026-05-14T17:02:37.463Z yearly 0.7 https://nefariousplan.com/posts/zabbix-cve-2024-22120-audit-log-is-the-read-primitive 2026-05-13T17:09:09.115Z yearly 0.7 https://nefariousplan.com/posts/airflow-aws-saml-poc-tests-wrong-endpoint 2026-05-11T17:11:43.921Z yearly 0.7 https://nefariousplan.com/posts/nginx-ui-backup-signature-key-on-the-request 2026-05-09T14:53:36.805Z yearly 0.7 https://nefariousplan.com/posts/apache-h2-spurge-was-an-ihash 2026-05-09T14:41:01.603Z yearly 0.7 https://nefariousplan.com/posts/dirty-frag-patched-half-ubuntu-already-mitigates 2026-05-09T14:31:35.902Z yearly 0.7 https://nefariousplan.com/posts/dirty-frag-tcp-set-the-flag-udp-did-not 2026-05-09T14:24:49.639Z yearly 0.7 https://nefariousplan.com/posts/rengine-cve-2023-50094-is-a-drawer 2026-05-08T17:00:09.503Z yearly 0.7 https://nefariousplan.com/posts/marimo-terminal-ws-only-websocket-without-the-check 2026-05-07T17:09:52.039Z yearly 0.7 https://nefariousplan.com/posts/dotnetnuke-cve-2017-9822-deserializer-still-public 2026-05-06T17:08:00.265Z yearly 0.7 https://nefariousplan.com/posts/tandoor-recipes-bleach-is-not-a-jinja-sandbox 2026-05-05T17:02:59.386Z yearly 0.7 https://nefariousplan.com/posts/restropress-token-is-issued-not-forged 2026-05-03T17:03:19.718Z yearly 0.7 https://nefariousplan.com/posts/cpanel-session-file-is-a-bus 2026-05-02T14:51:10.290Z yearly 0.7 https://nefariousplan.com/posts/linux-copyfail-cve-2026-31431-the-bug-is-not-in-authencesn 2026-05-02T14:48:24.156Z yearly 0.7 https://nefariousplan.com/posts/github-rails-env-is-a-header-field 2026-05-02T14:18:21.679Z yearly 0.7 https://nefariousplan.com/posts/fortimanager-get-auth-does-not-authenticate 2026-04-30T17:04:41.198Z yearly 0.7 https://nefariousplan.com/posts/checkmarx-kics-scanner-ran-so-did-their-code 2026-04-28T20:17:03.064Z yearly 0.7 https://nefariousplan.com/posts/ruby-saml-signature-verified-wrong-digest 2026-04-28T17:05:55.541Z yearly 0.7 https://nefariousplan.com/posts/lenovo-lde-junction-preemption 2026-04-27T17:13:25.909Z yearly 0.7 https://nefariousplan.com/posts/breeze-cache-cve-2026-3844-gravatar-fetcher-fetched-anything 2026-04-26T16:13:13.813Z yearly 0.7 https://nefariousplan.com/posts/packagekit-cve-2026-41651-polkit-authorized-the-slot 2026-04-26T14:23:48.449Z yearly 0.7 https://nefariousplan.com/posts/runpaperclip-cve-2026-41679-silent-no-op 2026-04-26T05:44:47.774Z yearly 0.7 https://nefariousplan.com/posts/composer-perforce-synccodebase-injection 2026-04-25T17:03:27.112Z yearly 0.7 https://nefariousplan.com/posts/adobe-acrobat-cve-2026-34621-detection-lie 2026-04-23T17:55:39.337Z yearly 0.7 https://nefariousplan.com/posts/pix-woocommerce-nonce-is-not-auth 2026-04-22T17:10:49.605Z yearly 0.7 https://nefariousplan.com/posts/tomcat-encryptinterceptor-fails-open 2026-04-21T04:02:06.750Z yearly 0.7 https://nefariousplan.com/posts/fortisandbox-cve-2026-39808-unauth-rce 2026-04-19T18:43:55.937Z yearly 0.7 https://nefariousplan.com/posts/adobe-acrobat-cve-2026-34621-pdf-weaponizer 2026-04-19T18:43:55.808Z yearly 0.7 https://nefariousplan.com/posts/bluhammer 2026-04-19T18:43:55.697Z yearly 0.7 https://nefariousplan.com/posts/undefend 2026-04-19T18:43:55.601Z yearly 0.7 https://nefariousplan.com/posts/the-trust-inversion 2026-04-19T18:43:55.488Z yearly 0.7 https://nefariousplan.com/posts/redsun-windows-defender-system-write 2026-04-19T18:43:55.348Z yearly 0.7 https://nefariousplan.com/posts/sap-netweaver-cvss-10-upload-to-webroot 2026-04-19T18:43:55.206Z yearly 0.7 https://nefariousplan.com/posts/axios-sapphire-sleet-70-million-installs 2026-04-19T18:43:55.074Z yearly 0.7 https://nefariousplan.com/posts/teampcp-they-came-for-the-scanners 2026-04-19T18:43:54.683Z yearly 0.7 https://nefariousplan.com/posts/oracle-cloud-the-breach-they-technically-didnt-deny 2026-04-19T18:43:54.583Z yearly 0.7 https://nefariousplan.com/posts/prompt-injection-is-a-supply-chain-attack 2026-04-19T18:43:54.464Z yearly 0.7 https://nefariousplan.com/posts/mcp-servers-the-new-npm-left-pad 2026-04-19T18:43:54.304Z yearly 0.7 https://nefariousplan.com/posts/shai-hulud-the-npm-worm 2026-04-19T18:43:54.192Z yearly 0.7 https://nefariousplan.com/posts/xrpl-npm-the-official-package-was-the-threat 2026-04-19T18:43:54.092Z yearly 0.7 https://nefariousplan.com/posts/clfs-ransomwares-favorite-kernel-driver 2026-04-19T18:43:53.985Z yearly 0.7 https://nefariousplan.com/posts/crushftp-pre-auth-mft-is-the-target 2026-04-19T18:43:53.873Z yearly 0.7 https://nefariousplan.com/posts/tj-actions-mutable-tags-were-always-a-lie 2026-04-19T18:43:53.726Z yearly 0.7 https://nefariousplan.com/posts/bybit-safe-ui-poisoning-fifteen-hundred-million 2026-04-19T18:43:53.625Z yearly 0.7 https://nefariousplan.com/posts/ivanti-the-vulnerability-subscription 2026-04-19T18:43:53.322Z yearly 0.7 https://nefariousplan.com/patterns/design-debt-driver 2026-04-19T18:33:52.781Z monthly 0.6 https://nefariousplan.com/patterns/unpatchable-primitive 2026-04-19T18:33:56.307Z monthly 0.6 https://nefariousplan.com/patterns/content-is-command 2026-04-19T18:33:52.096Z monthly 0.6 https://nefariousplan.com/patterns/trust-inversion 2026-04-19T18:33:07.325Z monthly 0.6 https://nefariousplan.com/patterns/the-detector-is-the-target 2026-04-19T18:33:55.736Z monthly 0.6 https://nefariousplan.com/patterns/todo-that-shipped 2026-04-19T18:33:55.925Z monthly 0.6 https://nefariousplan.com/patterns/unauth-write-to-execution-path 2026-04-19T18:33:56.136Z monthly 0.6 https://nefariousplan.com/patterns/disclosure-after-exploitation 2026-04-19T18:33:53.198Z monthly 0.6 https://nefariousplan.com/patterns/fail-open-intercept 2026-04-19T18:33:53.603Z monthly 0.6 https://nefariousplan.com/patterns/disclaimer-wrapped-campaign-kit 2026-04-19T18:33:52.961Z monthly 0.6 https://nefariousplan.com/patterns/security-tool-as-primitive 2026-04-19T18:33:55.193Z monthly 0.6 https://nefariousplan.com/patterns/emergent-primitive 2026-04-19T18:33:53.423Z monthly 0.6 https://nefariousplan.com/patterns/nonce-is-not-auth 2026-04-19T18:33:54.521Z monthly 0.6 https://nefariousplan.com/patterns/denial-by-pedantry 2026-04-19T18:33:52.491Z monthly 0.6 https://nefariousplan.com/patterns/idle-indistinguishable-from-broken 2026-04-26T06:20:36.977Z monthly 0.6 https://nefariousplan.com/patterns/maintainer-account-compromise 2026-04-19T18:33:53.897Z monthly 0.6 https://nefariousplan.com/patterns/mutable-reference-as-immutable 2026-04-19T18:33:54.342Z monthly 0.6 https://nefariousplan.com/patterns/revocation-gap 2026-04-19T18:34:31.668Z monthly 0.6 https://nefariousplan.com/patterns/commented-out-code-is-testimony 2026-04-19T18:33:51.816Z monthly 0.6 https://nefariousplan.com/patterns/mft-as-primary-target 2026-04-19T18:33:54.123Z monthly 0.6 https://nefariousplan.com/patterns/persistent-blindspot 2026-04-19T18:33:54.736Z monthly 0.6 https://nefariousplan.com/patterns/security-metric-theater 2026-04-22T04:05:18.088Z monthly 0.6 https://nefariousplan.com/patterns/self-propagating-supply-chain 2026-04-19T18:33:55.351Z monthly 0.6 https://nefariousplan.com/patterns/auth-pins-the-slot-not-the-value 2026-04-26T14:41:35.660Z monthly 0.6 https://nefariousplan.com/patterns/junction-preemption 2026-04-22T03:28:49.987Z monthly 0.6 https://nefariousplan.com/patterns/prototype-pollution-trust-bypass 2026-04-19T18:33:54.909Z monthly 0.6 https://nefariousplan.com/patterns/signing-surface-poisoning 2026-04-19T18:33:55.538Z monthly 0.6 https://nefariousplan.com/patterns/toctou-that-isnt 2026-04-22T04:05:12.686Z monthly 0.6 https://nefariousplan.com/patterns/unsigned-ecosystem-echo 2026-04-19T18:33:56.544Z monthly 0.6