Tech · Culture · Fiction
Article An open door where the gate should be
GitHub's AI agent returned private repo content when tricked, proving it holds read reach across the private boundary with no enforced refusal.
A valid go.sum hash proves nothing
Argegy is not a CVE. It's a Go supply chain claim against go-ethereum - module trust, init() execution, T1195, and where telemetry goes blind.
Compiling Python to metal deletes your security boundary
Compiling Python 3.14 to native code removes the interpreter that revalidated logic on every run, collapsing continuous trust into a single build-time event.
Your hypervisor was never a wall
CVE-2026-53359 Januscape is a KVM/x86 guest-to-host escape: granted guest access reached the host, proving isolation trusted by placement is not a control.
Kalshi ships an unauthenticated oracle
Kalshi resolves contracts against unauthenticated public news feeds - an oracle-manipulation flaw that lets crafted narratives move regulated markets.
Not a pricing problem
Why security automation like Splunk SOAR and ML triage costs more than the engineer it replaced: systems execute on referenced trust, not verification.
Vectra lifted bearer tokens off Teams disk
Why Microsoft Teams session tokens leak between workspace and consumer accounts, how bearer-token replay bypasses MFA, and what fires - and doesn't - in telemetry.
The Wire — latest
All →- Canada's Lone Watchmaking School Faces a Move After 80 Years in Trois-Rivières
- China hands death sentence to Nanjing official over $325M in bribes
- Davit: a free, native SwiftUI front-end for Apple's container platform
- Dua Lipa launches a permanent banned-books library inside Porto's Livraria Lello
- EU Mandates In-Cabin Driver Attention Cameras in All New Cars From July 2026
- GAO Warns DOE Rules Out Cheaper Nuclear Cleanup Options Too Early
- Germany Recruits Skilled Workers, Then Loses Them to Bureaucracy and Language Barriers
- GitLost: Prompt Injection in GitHub's Agentic Workflows Leaks Private Repos
- Herdr: a tmux-style terminal multiplexer built to wrangle coding agents
- Hidden backdoor in Tenda router firmware grants unauthenticated admin access
Stay in the loop
New writing delivered when it's ready. No schedule, no spam.