Blog
Supply-chain research and findings.
Field notes on the update-channel attack, how Extuno catches it, and what vulnerability, secret-leak, static, dynamic, and AI analysis each contribute.
| Category | Date | Author | Article | Read | |
|---|---|---|---|---|---|
| Research | 2026-06-20 | Tolga SEZER | How an extension turns malicious after an update | 6 min | -> |
| Guide | 2026-06-20 | Tolga SEZER | npm typosquatting and dependency confusion, explained | 7 min | -> |
| Explainer | 2026-06-20 | Tolga SEZER | What browser extension permissions actually expose | 6 min | -> |
| Guide | 2026-06-20 | Tolga SEZER | Finding leaked secrets in CI before they ship | 6 min | -> |