2026

When the Security Scanner Becomes the Weapon: The Trivy Compromise of March 2026

I have spent the past week trying to piece together what actually happened with Trivy. Reading advisories, cross-referencing timelines, digging through GitHub issues and incident discussions, trying to separate confirmed facts from speculation. The more I read, the less comfortable I got. Not because the details were unclear, but because they were clear, and the implications kept getting worse.

The tool you run to find vulnerabilities in your container images was the one stealing your cloud credentials. That is what happened on March 19, 2026, when Aqua Security's Trivy scanner and its GitHub Actions integration were compromised in one of the more targeted supply chain attacks I have seen against the DevSecOps ecosystem.

If you have been running aquasecurity/trivy-action in a CI/CD pipeline over the past few months, read this carefully.

Vibe coding feels like having ADHD and 20 minions

There is a moment, somewhere around the third hour, when you realize you have mass-produced an entire ecosystem and you are no longer sure what half of it does.

It started with a small thing. A script, maybe. A helper tool. Something you could describe in two sentences. And then the machine responded, and it was good, and your brain lit up like a pinball machine. So you asked for more. And more. And suddenly you are not building one thing anymore, you are conducting an orchestra of twenty invisible workers who are all extremely eager to please and not one of them will ever tell you to slow down.