<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Shahad Pichen</title><description>Notes on things I&apos;m building and learning as an engineer.</description><link>https://shahad.dev/</link><item><title>Polin Rider Attack</title><link>https://shahad.dev/blog/polin-rider-attack/</link><guid isPermaLink="true">https://shahad.dev/blog/polin-rider-attack/</guid><description>How a supply-chain attack stole our CTO&apos;s token, rewrote our repositories, and quietly reached my own account — a first-person account of the PolinRider / Glassworm incident, and what it taught me about trust, Git, and backups.</description><pubDate>Thu, 02 Jul 2026 00:00:00 GMT</pubDate></item><item><title>Recovering from the Polin Rider Attack</title><link>https://shahad.dev/blog/recovering-from-the-polin-rider-attack/</link><guid isPermaLink="true">https://shahad.dev/blog/recovering-from-the-polin-rider-attack/</guid><description>The technical field report: how a stolen GitHub PAT was used to force-push malware into four repositories I had write access to, how I found it, and the exact commands I used to recover every repo from a clean local copy — and to reconstruct one where I had no local copy at all.</description><pubDate>Thu, 02 Jul 2026 00:00:00 GMT</pubDate></item></channel></rss>