Articles
Long-form writing on tech, culture, and the edges of the internet.
The sandbox was never the hard part
CVE-2026-40369 is a 12-byte Mojo IPC overflow in Chromium that converts renderer RCE into browser-process code execution on the host.
Your valid credentials are the breach.
Technical analysis of a coordinated GitHub Actions workflow compromise across 5,561 repositories, with detection guidance for audit log and EDR telemetry.
AI is making attackers worse, not better.
Defender telemetry through 2026 shows model-mediated attackers produce more volume, less variance, weaker adaptation. Substitution is not uplift.
CVSS 5.5 is lying to you
A nine-year-old Linux kernel flaw enables root command execution. CVSS 5.5 understates the outcome. Patch scope and operator action.
GitHub shipped optional hardening as a control
The GitHub breach follows a documented class of failure. The mechanism is identity issuance separated from validation. The industry chose documentation over enforcement.
Malicious commits breached 5,561 repositories
5,561 GitHub repos received malicious CI/CD commits disguised as bot maintenance. The failure was identity enforcement, not exploit complexity.
Microsoft flags password reset exploitation
Microsoft confirms password reset exploitation. The reset endpoint is an authentication surface and must be controlled as one.
Nginx patched. Assume breach.
NGINX issued the nginx-poolslip patch. Operator analysis of what is confirmed, what is not, and what must change at the proxy boundary.
Passkeys authenticate the moment, not the session
MFA, passkeys, and trusted IP authenticate the login moment. They do not extend to the session, the token, or the actions that follow.
Reputation is not a control
Harvard.edu and 140 other domains reported compromised. Why reputation-based controls fail when trusted origins are turned against their consumers.
Twelve bytes walked out of the sandbox
CVE-2026-40369 reduced a browser sandbox escape to twelve bytes. Analysis of what failed, why it failed, and what must change at the architecture layer.
Workflows are code, not config
CI workflow modification executes under repository trust. The control surface is the file. The boundary is the weakest identity allowed to merge.