Articles
Long-form writing on tech, culture, and the edges of the internet.
The Canvas breach numbers are not real yet
Analysis of the referenced Canvas breach: what is confirmed, what is not, and why disclosure scope determines real user exposure in tenant-administered systems.
The dashboard pushed every critical CVE to GitHub
Technical analysis of a unified vulnerability dashboard pushed to a public GitHub repo, the scanner token blast radius, and what defenders actually see.
The LinkedIn leak is not a privacy incident
A LinkedIn data leak is not a privacy event. It is pre-staged targeting data for credential harvesting. Operator briefing on what must now be true.
The number on the screen is a guess
The Canvas hack scope is not confirmed. A senior operator breakdown of what failed, what is rumour, and what users must now do.
User namespaces are still a root pipe
Dirty Frag is a Linux kernel UAF in IP fragment reassembly reachable via unprivileged user namespaces. CVSS 7.8. Mechanism, telemetry gaps, patch boundary.
Your inbox is now your credential store.
CVE-2026-44843 turns a chat message into credential theft. Operator briefing on what failed, what is not confirmed, and what must now be true.
Your patched kernel is still vulnerable
Dirty Frag - CVE-2026-31337, CVSS 7.8 - is a UAF in the Linux kernel's IPv4 fragment reassembly path. Container-to-host root on every major distro.
Z3R0DAY refuses to model unconfirmed Canvas breach
A breach claim referencing Canvas has been raised. Scope, vector, and data classes are not confirmed. Exposure cannot be quantified from the input.
GTFOBins catalogues privilege misconfiguration
GTFOBins documents a structural property of Unix privilege: grants bind to binaries, not operations, and the gap is the escalation surface.
The kernel commit lands. Your fleet is exposed.
Linux kernel CVEs publish without distro pre-notice. The exposure window opens at upstream commit, not at advisory. Measure the right number.
The router is signing its own logs
Iran's claim about US backdoors in networking equipment describes an exposure pattern already present. The device is an actor, not infrastructure.
RedSun turned Defender into a write primitive
RedSun turned Windows Defender's remediation path into a SYSTEM-level write primitive. The mechanism, the class, and what it exposes.