Articles
Long-form writing on tech, culture, and the edges of the internet.
MiniPlasma PoC hands attackers SYSTEM on Windows
Public PoC for the MiniPlasma Windows flaw yields SYSTEM execution. What the local privilege boundary failure means for endpoint control posture.
npm registry shipped 314 compromised packages
314 npm packages were compromised because the consumer install path does not verify publisher identity. The boundary failed at install, not at the registry.
npm was never a trust boundary
Technical analysis of the Shai-Hulud npm supply chain attack hitting 314 packages including echarts-for-react, size-sensor, and timeago.js.
Shai-Hulud worm compromises 314 npm packages
Shai-Hulud npm worm hits 314 more packages via compromised maintainer accounts. Mechanism, telemetry gaps, and residual exposure analyzed.
Six thousand fuel gauges answer every stranger
Six thousand exposed fuel gauges are not a vulnerability. They are a trust model that outlived the wire it was built on.
The agency was the breach.
A US cybersecurity agency published digital keys to a public GitHub repository. The exposure defines the failure class. Recovery requires rotation.
The IIS virtual directory that won't stop bleeding
Technical analysis of the Exchange Server zero-day, the frontend-to-backend trust boundary it abuses, and what fires in EDR and IIS telemetry.
The patch shipped. The install didn't.
Microsoft confirmed Windows 11 security updates are failing to install. Patch state is now a claim, not a measurement. Verify out-of-band.
Torvalds declares Linux security list unmanageable
Linus Torvalds says AI bug hunters have made the Linux security list unmanageable. An operator read on what failed at the intake boundary.
A few bytes spill onto the next heap chunk
Technical writeup of CVE-2026-42945, the NGINX rewrite module heap overflow, plus what it means for LLM deployments sitting behind the proxy.
A handle, a token, a SYSTEM shell
MiniPlasma is not a kernel defect. It is the externally visible behaviour of a trust model that confuses reference with verification.
An NGINX worker just crashed in production
Board-level briefing on NGINX CVE-2026-42945: confirmed in-the-wild exploitation, edge exposure, control failure at runtime, and what must be established.