RC RANDOM CHAOS

Articles

Long-form writing on tech, culture, and the edges of the internet.

burp suite, open source security tools

A new tool is not a replacement

An open-source Burp alternative was built. Capability, stability, and handling of intercepted material are not confirmed. Verify before adoption.

5 min read
2fa bypass, ai threats

AI just broke 2FA at scale

AI was used to develop a zero-day 2FA bypass deployed at mass scale. The control's economic assumption has been falsified in the wild.

7 min read
LLM engineering, AI validation

arXiv just raised the bar

arXiv's one-year ban on unchecked LLM errors signals a shift: validation pipelines, not better prompts, now define competent AI systems.

11 min read
2fa bypass, identity security

Attackers weaponized AI to bypass 2FA at scale

A reported AI-developed zero-day 2FA bypass in mass use removes the assumption that 2FA terminates the account takeover chain.

7 min read
LLM engineering, AI systems design

Complexity theory never said that

Complexity theory does not prove human-level ML is impossible. Here is what the theorems actually say and how to design AI systems around real constraints.

8 min read
exchange zero-day, vendor trust

Your patched Exchange is already compromised

Microsoft confirms an Exchange zero-day under active exploitation. What the warning establishes, what it does not, and the defender posture required now.

7 min read
connected vehicle security, myAudi

Audi wired vehicles into a consumer auth flow

Audi Connected Vehicle security from an operator view: the boundary is no longer the key, it is the identity layer behind the myAudi app.

8 min read
face id bypass, biometric security

Face ID was never the control

A reported Face ID bypass via avatar collapses the liveness assumption. Every downstream control trusting the boolean inherits the failure.

7 min read
fragnesia, linux privilege escalation

Fragnesia is already loose

Fragnesia Linux privilege escalation has a public PoC. The kernel trust boundary is conditional on patch state. What must now be true.

8 min read
linux kernel, ssh security

Kernel bug leaks the SSH host key file

A Linux kernel flaw disclosed this month can expose SSH host keys. What failed, what it exposes, and what operators must now make true.

7 min read
exchange zero-day, microsoft exchange

Microsoft confirms Exchange zero-day under active exploitation

Microsoft confirmed an Exchange zero-day under active exploitation. Operator-level analysis of what failed, what is exposed, and what must now be true.

7 min read
nginx, cve-2026-42945

NGINX rewrite module bleeds memory

CVE-2026-42945 places a heap buffer overflow inside NGINX's rewrite module, on the request path. Defect class confirmed. Impact not confirmed.

7 min read