Articles
Long-form writing on tech, culture, and the edges of the internet.
Kernel bug leaks the SSH host key file
A Linux kernel flaw disclosed this month can expose SSH host keys. What failed, what it exposes, and what operators must now make true.
Microsoft confirms Exchange zero-day under active exploitation
Microsoft confirmed an Exchange zero-day under active exploitation. Operator-level analysis of what failed, what is exposed, and what must now be true.
NGINX rewrite module bleeds memory
CVE-2026-42945 places a heap buffer overflow inside NGINX's rewrite module, on the request path. Defect class confirmed. Impact not confirmed.
Patched Microsoft is still exploitable Microsoft
Exchange and Windows 11 were exploited on day two of Pwn2Own. Operator briefing on what is confirmed, what is not, and what must change.
Stealth Playwright breaks your bot detection
A circulating stealth Playwright Firefox build is reported to pass antibot and captcha, exposing the limits of any control that delegates verification to the client.
Stop counting findings
Pentest reports are calibrated to finding count, not exploitability. The metric the buyer evaluates becomes the work product.
The malware leaked itself, not the defenders.
Needle cryptostealer shipped with a plaintext API key in the Rust binary. One string exposed 1932 victims and the withdrawal config.
The patch is the payload
Three critical Linux kernel LPE findings in two weeks, one introduced by a fix. The defect is the patch pathway, not the bug.
Third party broke kernel LPE embargo
A kernel LPE entered public circulation when a third party broke the disclosure embargo. The control under review was the agreement, not the patch.
Attacker code ran on Foxconn's floor
Foxconn ransomware breakdown: what failed, why scale is not a control, and why continuous validation of identity and execution is the only defence.
Microsoft disclaims European sovereign cloud under oath
Microsoft's France legal affairs director told the Senate under oath he cannot guarantee European sovereign cloud data stays out of US reach.
NVD stopped, your scanner didn't notice
NVD enrichment is no longer keeping pace with CVE volume. What that breaks inside vulnerability management programs, and what operators must now own.