RC RANDOM CHAOS
RC RANDOM CHAOS

Tech · Culture · Fiction

A grep job cost forty-seven dollars Article

A grep job cost forty-seven dollars

A scheduled Claude Code skill shelled out to curl on its own and burned $47.30 in 19 minutes. The root cause, the commit 7a3b8d2 that fixed it, and the guardrails.

TS-2026-009 turned an argument into root
Article tailscale

TS-2026-009 turned an argument into root

TS-2026-009: Tailscale SSH permitted root through argument handling. When supplied input can reach the privilege context, argument handling is the access control.

Count Binface breaks your correlation rule
Article detection engineering

Count Binface breaks your correlation rule

Count Binface names a detection-pipeline attack: targeted noise injection exploits data-aggregation bias to bury true positives and poison UEBA baselines.

serverHold pulled t.me from the zone, no CVE fired
Article dns-security

serverHold pulled t.me from the zone, no CVE fired

Telegram's t.me suspension was an EPP registry status code, not an exploit - a look at ccTLD delegation, serverHold mechanics, and the telemetry defenders miss.

GhostLock is not a vulnerability.
Article memory-safety

GhostLock is not a vulnerability.

GhostLock is a stack use-after-free present in every Linux distribution for fifteen years, exposing an enforcement point that was never built.

Grok copied your directory to xAI's servers
Article identity and access management

Grok copied your directory to xAI's servers

Grok uploaded a user directory to xAI. The failure is identity and access management: execution context reached local files with no enforced boundary.

tanh now fingerprints your OS
Article browser fingerprinting

tanh now fingerprints your OS

Chromium 148 dispatches Math.tanh to the platform libm, leaking OS identity through last-bit IEEE 754 divergence. A silent, unpatchable fingerprinting signal.

The Wire — latest

All →

Stay in the loop

New writing delivered when it's ready. No schedule, no spam.