Articles
Long-form writing on tech, culture, and the edges of the internet.
Patched Microsoft is still exploitable
Microsoft Exchange and Windows 11 were exploited on day two of Pwn2Own. Operator briefing on what is confirmed, what is not, and what must change.
Stealth Playwright breaks your bot detection
A circulating stealth Playwright Firefox build is reported to pass antibot and captcha, exposing the limits of any control that delegates verification to the client.
Stop counting findings
Pentest reports are calibrated to finding count, not exploitability. The metric the buyer evaluates becomes the work product.
The malware leaked itself, not the defenders.
Needle cryptostealer shipped with a plaintext API key in the Rust binary. One string exposed 1932 victims and the withdrawal config.
The patch is the payload
Three critical Linux kernel LPE findings in two weeks, one introduced by a fix. The defect is the patch pathway, not the bug.
Third party broke kernel LPE embargo
A kernel LPE entered public circulation when a third party broke the disclosure embargo. The control under review was the agreement, not the patch.
Attacker code ran on Foxconn's floor
Foxconn ransomware breakdown: what failed, why scale is not a control, and why continuous validation of identity and execution is the only defence.
Microsoft disclaims European sovereign cloud under oath
Microsoft's France legal affairs director told the Senate under oath he cannot guarantee European sovereign cloud data stays out of US reach.
NVD stopped, your scanner didn't notice
NVD enrichment is no longer keeping pace with CVE volume. What that breaks inside vulnerability management programs, and what operators must now own.
Shai-Hulud goes public
Shai-Hulud worm published to GitHub by teampcp. What is confirmed, what is not, and the publication interval that matters.
A junior operator, an API key, a hundred payloads
Google warns AI-powered hacking has reached industrial scale. Practical operational resilience steps for defenders facing faster, cheaper, adaptive attacks.
Dirty Frag races the refcount
Dirty Frag (CVE-2026-XXXX) is a Linux kernel page migration race yielding root LPE on all major distros. Mechanism, telemetry, and patch boundary.