Defense in depth
I Scanned 152 Files of My Own AI-Generated Code for Invisible Unicode Malware
- David O'Neil
- Cybersecurity
- 16 Mar, 2026
Two weeks ago, a supply chain attack called Glassworm compromised 150+ GitHub repositories and 72+ browser extensions by hiding malicious payloads in characters that are literally invisible in every
Claude Code Has Two New CVEs — Here's What They Exploit and How to Harden Your Setup
- David O'Neil
- Cybersecurity
- 03 Mar, 2026
Your engineers cloned repositories today. Probably dozens. If any of those repos contained a malicious .claude/settings.json, they may have executed arbitrary shell code without a single confirmatio
How I Made Claude Code Safer (And You Can Too)
- David O'Neil
- Cybersecurity
- 10 Feb, 2026
I've been running Claude Code on real projects for months. It's great at writing code — but it doesn't always understand the consequences of what it writes. Claude Code validates which tools can run.