Random Chaos

Tech · Culture · Fiction

Your second factor is a phone call

SMS 2FA on PayPal is a routing decision, not a credential. The session cookie is the boundary, and attackers have already routed around the factor.

Apr 28, 2026

Article

A postcard breached a warship

Apr 27, 2026

Article

Binding 65535 ports is the easy part

Apr 27, 2026

Article excel vulnerability

CISA flagged a 17-year-old Excel flaw

A 17 year old Excel flaw is being actively exploited and flagged by US cyber defence. Operator analysis of what failed, why, and what must change.

Apr 27, 2026

Article AI agents

Engineering teams keep granting agents production database writes

AI agent vulnerabilities are systems engineering failures, not security failures. The fix is architectural containment, not better prompts or guardrails.

Apr 27, 2026

Article cybersecurity

Lagos published guidelines, not controls

Lagos cybersecurity guidelines describe intent, not enforcement. An operator analysis of why policy without system-level controls does not stop attackers.

Apr 27, 2026

Article cybersecurity

Pick offense or defense

Two paths into infosec - offense and defense - broken down at the mechanism level. Foundation, tooling, telemetry, and the divergence point.

Apr 27, 2026

Article microsoft teams

The helpdesk chat window is the breach

Microsoft Teams helpdesk impersonation succeeds because identity verification is placed at the channel boundary, not at the credential action.

Apr 27, 2026

Article hardware implant

The power adapter was the attack

A WiFi camera concealed in a hotel power adapter transmitted to a foreign server. The boundary failed at the physical layer.

Apr 27, 2026

All articles → All stories →

The Wire — latest

All →

Stay in the loop

New writing delivered when it's ready. No schedule, no spam.