~/security $

Adnan Khan

Security Engineer & Researcher

I'm a Security Engineer and Researcher, and this is my website and research blog! I work as a Security Engineer full time for a large company, but I also do some research in my spare time. I'm particularly interested in security risks that impact developers and systems used by developers.

GitHub X About Me

Turning Almost Nothing into a Supply Chain Compromise of Angular with GitHub Actions Cache Poisoning

Mar 3, 2026

cicd githubactions cache-poisoning

Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager

Feb 9, 2026

cicd ai github

Copilot or Coconspirator - Tricking GitHub Copilot and Stealing all Your Secrets

Jan 7, 2026

cicd bugbounty

Who's SHA is it Anyway: Bypassing Google Cloud Build Comment Control for $30,000

Jul 21, 2025

bugbounty cicd github

Watch your Dispatch: Race Condition in Dependabot Core CI

May 2, 2025

cicd githubactions security

(Not So) Safe{Wallet}: GitHub Actions Risks Impacting Safe''s Frontend

Feb 27, 2025