Writing about how people actually build now and the security problems that come with it. Topic hubs for the disciplines the platform sits across. The live status of the product. One way in.
Pillar prose plus field notes — each hub aggregates posts that belong to it.
Knowing everything you run before an attacker does.
Finding leaked credentials before they are used against you.
Turning a flood of CVEs into the few that actually matter.
Where AI genuinely helps a SOC — and where it does not.
Closing the misconfigurations that quietly expose you.
Security that keeps pace with how teams actually ship.
Defending the platform that runs 43% of the web.
Evidence that follows from real security, not the other way round.
Wordfence and Argus both protect WordPress, but they answer different operator problems. This is a fair head-to-head from a small-agency perspective, with the trade-offs called out plainly.
2026 has rewritten the WordPress plugin-risk playbook. Million-site flaws, password-less admin creation, AI-discovered zero-days at twenty dollars apiece. Argus maps each shift to a concrete control.
Learn how to move past generic CVSS scores to accurately prioritise CVEs, focusing on real-world impact and organisational context.
CISA added CVE-2026-8398 (Daemon Tools Lite backdoor) and two other actively exploited flaws to its KEV catalogue, mandating urgent remediation for federal agencies and signalling critical risk for all enterprises.
Anthropic's Claude Mythos autonomously discovered thousands of vulnerabilities, including 271 in Firefox, and developed functional exploits, demonstrating AI's advanced offensive capabilities.
Live component health, active incidents and security bulletins.
Atom feed for the writing — point any reader at it.
Machine-readable index for large language models. Cite as you go.
Crawlable index of every page on this site.
