Articles
Long-form writing on tech, culture, and the edges of the internet.
Your AI security tool blocks nothing
A red team operator's breakdown of why AI cybersecurity tools are sold as controls but function as telemetry with a verdict attached.
Dutch police seized the provider
Dutch authorities seized 800 servers from a hosting firm for enabling cyberattacks. The provider tier is no longer treated as neutral.
Microsoft is sending the spam itself
Spam links sent from an internal Microsoft identity expose the limits of sender-based trust and outbound abuse controls on provider perimeters.
Ten thousand bugs from one vendor's machine
Anthropic states Mythos has produced over 10,000 vulnerability findings. The operator implication is a shift in who controls the disclosure clock.
The storefront went dark by sundown
A merchandise site linked to Kash Patel went dark after allegedly serving malware. Operator breakdown of the control gaps that made takedown the only response.
Your GitHub commits were never trustworthy
Megalodon compromised 55,000 GitHub repositories. A technical breakdown of the trust boundary that failed and what repository owners must now verify.
Z3R0DAY treats unauthorised internal scanner as hostile
An internal IP is scanning ports without authorisation. How to investigate, attribute the source, and identify the inbound session that established control.
A project name is not a threat model
Project Glasswing has been named but not defined. Without stated scope, identity model, or controls, no security assessment is possible.
CISA is holding the leak with its hands
CISA is in containment mode after a data leak. What containment actually means, what failed, and why the assurance claim is now suspended.
Deleting the link does not recall the file
A file accessible without authentication is a file in distribution. Removing the link does not revoke access already granted.
FaceTec stores non-rotatable identity material
A senior operator's position on the storage of non-rotatable biometric templates by ID verification vendors, and the exposure that condition creates.
Harvard.edu among 141 hosts serving ClickFix lures
Technical analysis of the campaign that weaponised harvard.edu and 140 other legitimate sites: entry vectors, TDS chain, MITRE mapping, EDR telemetry.