data exposure

5 posts

Deleting the link does not recall the file

A file accessible without authentication is a file in distribution. Removing the link does not revoke access already granted.

May 23, 2026

Article

The 2021 bucket that sat open for nine years

Abandoned files, forgotten buckets, and stale subdomains are the cheapest way attackers get in. Here is how to find yours before they do.

May 20, 2026

Article

The breach scope you're quoting is fiction

Canvas breach scope is not confirmed. Operator brief on what failed, what must be assumed, and what users and institutions must do now.

May 13, 2026

Article

Every field in the Canvas tenant is lit

The Canvas LMS incident lacks field-level disclosure. Treat every identity attribute, message, and uploaded file as exposed until the platform proves otherwise.

May 12, 2026

Article

The number on the screen is a guess

The Canvas hack scope is not confirmed. A senior operator breakdown of what failed, what is rumour, and what users must now do.

May 12, 2026