Benford's law or the first digit rule states that in many data sets, the first digit of each value tends to be small. This is not at all obvious, but it has significant implications.
There's been a recent scare that Unicode reading direction characters could be used to conceal malicious code in open-source projects. This is undoubtedly true, but that fact doesn't make it significantly harder to ensure the security of open-source code than it already is.
Building a CP/M implementation of the notorious Wordle game.
Juice-jacking is the alleged practice of getting unauthorized access to the contents of a cellphone by subverting public USB charging points. It doesn't happen, and probably never has; so why has there been a recent increase in scare stories?
What can the software industry learn from the Log4J security debacle?
How an oddity in the way UTF-8 encoding works can cause all sorts of problems for unwary developers, including security weaknesses.