Articles

Long-form writing on tech, culture, and the edges of the internet.

cat is now an exploit

MAD Bugs establishes that cat readme.txt is not a passive read. The terminal is an interpreter and untrusted bytes are program input.

May 12, 2026 7 min read

CVE-2026-44843credential theft

Chat message steals your credentials

CVE-2026-44843 reduces credential theft to message receipt. The failure is identity boundary enforcement, not chat parsing. Operator breakdown.

May 12, 2026 6 min read

github copilotllm cost governance

Copilot's new 27x Opus multiplier breaks your budget

Copilot's 9x Sonnet and 27x Opus multipliers turned model selection into a governed engineering decision. Most teams have no routing layer.

May 12, 2026 8 min read

linux-kernelprivilege-escalation

CVE-2026-31337: Dirty Frag roots every major distro

Technical analysis of CVE-2026-31337 'Dirty Frag': a Linux kernel UAF in IP fragment reassembly giving local root across major distros.

May 12, 2026 5 min read

cve-2026-44843credential-theft

CVE-2026-44843 turns one message into credential theft

CVE-2026-44843 collapses the boundary between chat message receipt and credential disclosure. What failed, what is not confirmed, and what must change.

May 12, 2026 6 min read

linux-kernelprivilege-escalation

Dirty Frag roots every kernel

Technical analysis of CVE-2026-3490 'Dirty Frag' - a page_frag refcount UAF in the Linux kernel enabling local root on stock 5.15-6.8 kernels.

May 12, 2026 6 min read

canvas breachLMS security

Every field in the Canvas tenant is lit

The Canvas LMS incident lacks field-level disclosure. Treat every identity attribute, message, and uploaded file as exposed until the platform proves otherwise.

May 12, 2026 7 min read

linux-kernelprivilege-escalation

Kernel UAF reachable from user namespace

CVE-2026-29144 Dirty Frag - Linux kernel IP fragment reassembly UAF gives unprivileged users root across major distros. Mechanism, exploitation path, telemetry gaps.

May 12, 2026 6 min read

CVE-2026-44843credential-theft

One message, credentials gone

CVE-2026-44843 enables credential theft on inbound chat message receipt. Operator breakdown of the failure boundary and required posture changes.

May 12, 2026 7 min read

canvas breachbreach disclosure

The Canvas breach numbers are not real yet

Analysis of the referenced Canvas breach: what is confirmed, what is not, and why disclosure scope determines real user exposure in tenant-administered systems.

May 12, 2026 6 min read

vulnerability-managementsupply-chain

The dashboard pushed every critical CVE to GitHub

Technical analysis of a unified vulnerability dashboard pushed to a public GitHub repo, the scanner token blast radius, and what defenders actually see.

May 12, 2026 7 min read

linkedin leaksocial engineering

The LinkedIn leak is not a privacy incident

A LinkedIn data leak is not a privacy event. It is pre-staged targeting data for credential harvesting. Operator briefing on what must now be true.

May 12, 2026 7 min read