RANDOM CHAOS

Articles

Long-form writing on tech, culture, and the edges of the internet.

honeypot, threat intelligence

What a $5 VPS honeypot taught me

An open-source honeypot probe database queryable via curl, HTTP, and MCP - what it catches, why it helps small defenders, and where the risks actually sit.

6 min read

board risk, control effectiveness

Your bot defenses just failed

A board-level view of how a stealth Playwright build erodes the assurance value of anti-bot and CAPTCHA controls across the business.

7 min read

IoT security, baby monitor exposure

Baby monitors exposed one million streams

One million baby monitors and cameras were viewable by unauthorised parties. What it reveals about IoT enforcement and the owner-side blindness behind it.

7 min read

aws-govcloud, supply-chain-security

CISA contractor leaked GovCloud keys to GitHub

Technical analysis of a CISA contractor's leaked AWS GovCloud admin keys on GitHub - blast radius, IAM persistence paths, CloudTrail detections, supply-chain tail.

6 min read

burp suite, web security

I built Burp Suite in Rust

Technical breakdown of an open-source Burp Suite alternative - proxy core, fuzzer, scanner depth, Collaborator gap, and what it means for vuln research.

6 min read

vulnerability management, patch sla

Mandiant clocked exploit window at 21 days

Mean time-to-exploit is 21 days. Vulnerability programs built on 30, 60, or 90 day SLAs are no longer enforced inside the threat window.

7 min read

exchange zero-day, vulnerability management

Microsoft Exchange zero-day hits unpatched servers

Microsoft Exchange zero-day under active exploitation. What failed, why vendor trust is a perimeter control, and what operators must do now.

6 min read

phishing, microsoft

Microsoft sent you a code you didn't request

An unrequested Microsoft single-use code email is evidence of external interaction with your identity surface. What it proves and what it does not.

9 min read

windows zero-day, privilege escalation

MiniPlasma PoC hands attackers SYSTEM on Windows

Public PoC for the MiniPlasma Windows flaw yields SYSTEM execution. What the local privilege boundary failure means for endpoint control posture.

6 min read

npm supply chain, package compromise

npm registry shipped 314 compromised packages

314 npm packages were compromised because the consumer install path does not verify publisher identity. The boundary failed at install, not registry.

7 min read

npm, supply-chain

npm was never a trust boundary

Technical analysis of the Shai-Hulud npm supply chain attack hitting 314 packages including echarts-for-react, size-sensor, and timeago.js.

6 min read

supply-chain, npm

Shai-Hulud worm compromises 314 npm packages

Shai-Hulud npm worm hits 314 more packages via compromised maintainer accounts. Mechanism, telemetry gaps, and residual exposure analyzed.

5 min read