security
Tales of OIDC & OAuth Security: What It Takes to Trust a Token
Websocket XSS vulnerability discovery: My security journey at Mercari
Mercari’s Phishing-Resistant Accounts with Passkey
Locked Shields 2025 Event Report
Removing GitHub PATs and Private Keys From Google Cloud: Extending Token Server to Google Cloud
When Caching Hides the Truth: A VPC Service Controls & Artifact Registry Tale
How to bypass GitHub’s Branch Protection
LLMs at Work: Outsourcing Vendor Assessment Toil to AI
Mapping the Attack Surface from the Inside
Mercari’s passkey adoption
