Articles
Long-form writing on tech, culture, and the edges of the internet.
CISA pushed GovCloud keys to GitHub
Technical analysis of a CISA admin leaking AWS GovCloud keys on GitHub: exposure mechanics, CloudTrail detection paths, and residual session risk post-rotation.
GitHub-distributed VSCode extension executed unsanctioned code
A board-level brief on the compromised VSCode extension distributed through GitHub: what it exposed, what control did not function, and what must be true.
GitHub pulls the account, the repos live on
A board-level analysis of GitHub's ban on a researcher publishing Windows zero-days alongside violent threats, and what it reveals about disclosure risk.
The agent reads the page and obeys
How Playwright-driven AI agents change the web's threat model: prompt injection, session hijacking, broken CAPTCHAs, and what to do this quarter.
The refund letter addressed to Dear [Name]
Why ChatGPT's first output is a draft, not a deliverable, and what production AI systems actually require beyond the prompt.
The WhatsApp breach was not a breach
Technical analysis of the WhatsApp dataset incident: contact discovery oracle abuse, rate-limit bypass, MITRE T1589.002, and the downstream attack surface.
Your SSD is leaking what you're doing
How websites can use SSD response timing as a covert channel to infer user activity, and what browsers and users can do about it.
Your VPN extension trusts every website you visit
A hardcoded trigger word in a million-install Chrome VPN extension let any website disable the tunnel, change exit nodes, and read open tabs.
YouTube built a checkbox, not a detector
YouTube's automatic AI-generated video label is a disclosure system, not a detector. Here's what it actually does for cybersecurity and what it doesn't.
CISA administrator published GovCloud keys to GitHub
A CISA administrator's publication of AWS GovCloud keys to public GitHub exposes the gap between cloud segregation policy and runtime control.
nginx-poolslip is mostly rumor
CVE-2026-9256 nginx-poolslip operator briefing: what is confirmed, what is not, and the standing control gap the identifier exposes.
Researchers silently exfiltrate files from Claude sessions
A live demo shows files inside Claude AI chats can be silently exfiltrated. Operator briefing on what failed, what it exposes, and what must change.