Clara Leigh
clara42.bsky.social
Laravel, VueJS, Cyber Security 🌈
Hmm I wonder if it’s a cpu power limiter then under high load 🤔
February 13, 2026 at 1:17 AM
Anyone else's PHP github actions suddenly taking an insane time to complete?

Mine are taking 20mins-1hr and I cannot replicate any problem on local or even brand new machines setup
February 13, 2026 at 12:49 AM
If at first you don’t succeed, try and try again 🤔
January 26, 2026 at 1:03 AM
kinda neat, I saw something else recently but in a code that compiles code that compiles other code nesting egg
January 19, 2026 at 4:18 AM
Reposted by Clara Leigh
We have another giveaway: a ticket to Laracon India 🎉.

Since this is a last-minute giveaway, it is only open to people already based in Ahmedabad, India, and it's only open until January 17th, 2026.

Retweet/share for reach, and enter via our website, link below ⬇️.
January 13, 2026 at 10:15 AM
Reposted by Clara Leigh
Why governments need to treat fraud like cyberwarfare, not customer service cyberscoop.com/industrializ...
Fraud has become industrialized and weaponized by syndicates and hostile states. This op-ed argues it’s a global security threat and outlines a new US-UK-backed public-private task force to fight it.
cyberscoop.com
January 10, 2026 at 3:42 AM
Reposted by Clara Leigh
December 27, 2025 at 6:52 PM
There should be a “same product, same features” law

If a country forces a company to have better privacy options or allow third party app stores or whatever it might be, you should be forced to offer that same feature here in Australia
December 24, 2025 at 9:47 PM
By all means use it, but don't assume it's telling the truth. Investigate and confirm what it's said is true before you go off and ask someone else to verify its claims for you
December 12, 2025 at 12:05 AM
Reminder folks, chatgpt is designed to agree with you and "solve" issues so it rarely tells you that you're misunderstanding things.

It will absolutely mislead you or say it's found the issue when really it's just giving its best guess

Getting tired of seeing low quality github issues hey
December 12, 2025 at 12:03 AM
Stay safe friends
A perfect CVSS 10 🧑🏻‍🍳💋

CVE-2025-55182: Unauthenticated remote code execution vulnerability in React Server Components

The vuln is in versions 19.0, 19.1.0, 19.1.1, and 19.2.0:

react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack

Upgrade immediately!
Critical Security Vulnerability in React Server Components – React
The library for web and native user interfaces
react.dev
December 4, 2025 at 11:15 PM
My favourite part of the city is the KP cliffs. Absolutely stunning views 😍

Whenever I need time to myself, this is where I go
December 1, 2025 at 12:25 AM
I’m really hating the “I know but it’s still so cute” crowd of fb simps 😭
November 30, 2025 at 2:29 AM
Ted has to be the worst of them all 🤢
Never met a more disgusting lib in my life
November 24, 2025 at 1:33 AM
Wrong regex in the vite file? Css in script tags? Does it refresh but not do the thing?
I feel you, I’ve had to hunt this bug down a few times
November 17, 2025 at 10:12 PM
Have they finally got the DB driver working well again?!? I’ll have to check it out

I remember checking in 2 years ago with the mongo team and it was not quite ready for production usage, but it worked in some areas
November 14, 2025 at 10:05 AM
Yeah fr. In my paper I compare it to the CD/USB autorun drama of the 00s. Except instead of just inserting 1 device, we pull in 10,000 from the internet and assume it’s all gucci
November 5, 2025 at 9:52 PM
The first step is tackling npm autorun. Explicit approval for any post install/update script with insights

Next would be SBOMs with behaviour attached. And notices when deps grow, scripts change etc. and a move away from the habit of using deps for tiny tasks. + much more. I could rant for a while
November 4, 2025 at 11:55 PM
In npm world it’s a little tricky rn. Personally I don’t update a pkg until it’s 2-3 wks old (unless it’s a security patch). This gives community run static/dynamic analysis tools time to find and flag things. There are SBOM tools that help too

The real solution would require community change… 1/2
November 4, 2025 at 11:55 PM
I wrote a research paper on this topic just last month

This issue is entirely preventable. The only reason we keep seeing this style of attack is because our industry keeps repeating the same mistakes over and over again 😔
November 4, 2025 at 11:00 PM
Reposted by Clara Leigh
Whoa this is stunning
November 4, 2025 at 3:53 PM
I knew the good talks with China could only last so long. Guessing it’s a proxy war sorta thing? I haven’t read into it yet
November 2, 2025 at 9:16 PM
It’s the small things that keep me on Mac.

Like I remember my yubikey being a pain with git commits on Linux and other little small things that take hours to fix properly

I do miss my Linux daily driver tho 🥲
October 29, 2025 at 8:43 PM
✨Microsoft security✨
My first response from VS Marketplace support is requesting additional supporting evidence I have that this listing is malware.

If anyone can publish an extension with admittedly malicious intent with no response, what does that do for the health of the marketplace?
October 27, 2025 at 1:22 PM