// BLOG — FIELD NOTES FROM THE DIGITAL BATTLEFIELD
SAROJ'S LOGS_
Real-world security engineering, from penetration testing war stories to DevOps hardening guides. No fluff, just hands-on knowledge from someone who does this every day.
Low-Level Security | Cloud & IaC Security | DevSecOps | Vulnerability Disclosure | Low-Level Systems | AI Security | Nepal Tech
latest posts
CVE-2026-40453: How I Found an Incomplete Fix in Apache Camel's JMS Header Filtering
The fix for CVE-2025-27636 only patched HTTP components. I found the same case-variant header injection still worked via JMS — leading to remote code execution.
CVE-2026-40109 — Flux GCR Receiver JWT Audience and Email Bypass
TL;DR
Are You Defending Your Code at the Right Stage?
Most teams defend their code at the wrong stage - too late, too noisy, too reactive. Here's how Shift Left and Shift Right together give you complete coverage across every...