GitHub

5 posts

Apr 14, 2026

Expired Credentials That Still Work: The Zombie Key Problem (NHI Kill Chain #5)

Secret scanning alert: Resolved. Credential status: Active. Deleting a secret from code is not the same as revoking it. Inside the Zombie Key kill chain.

Ben Kim

Team Member

Mar 25, 2026

When the Security Scanner Became the Weapon — A Cyber Kill Chain Analysis of the Trivy Supply Chain Attack

Aqua Security's Trivy was compromised by TeamPCP, cascading into LiteLLM. A 7-phase Cyber Kill Chain and MITRE ATT&CK analysis of how incomplete credential rotation turned a single breach into a five-ecosystem catastrophe.

Ben Kim

Team Member

Aug 28, 2025

Nx Package Supply Chain Attack: How a GitHub Actions Vulnerability Caused a Global Crisis

Attackers exploited a GitHub Actions vulnerability to compromise the Nx package. Analysis of the attack chain, who was affected, and how to detect similar threats.

Ben Kim

Team Member

Apr 27, 2025

Vercel Environment Variables Best Practices: Preventing Secret Exposure (With Real Cases)

Vercel environment variables are convenient but easy to misconfigure. How AWS, Stripe, and GitHub keys actually leak through Vercel frontends, and the best practices that prevent it.

Ben Kim

Team Member