Random Chaos

Tech · Culture · Fiction

CVE-2026-3854 puts GitHub inside your trust boundary

CVE-2026-3854 enables RCE on GitHub.com and Enterprise Server. Why platform compromise becomes customer compromise across identity, secrets, and artefacts.

Apr 29, 2026

Article

ShinyHunters exfiltrated Cisco source through Trivy

Apr 29, 2026 Article

Your second factor is a phone call

Apr 28, 2026

Article physical security

A postcard breached a warship

A 5 dollar Bluetooth tracker hidden in a postcard broadcast a 585 million dollar warship's position for 24 hours. The control that failed was classification.

Apr 27, 2026

Article honeypot

Binding 65535 ports is the easy part

Architecture and evasion realities of an LLM honeypot binding all 65535 ports - TPROXY, latency tiers, fingerprint defence, and detection traps.

Apr 27, 2026

Article excel vulnerability

CISA flagged a 17-year-old Excel flaw

A 17 year old Excel flaw is being actively exploited and flagged by US cyber defence. Operator analysis of what failed, why, and what must change.

Apr 27, 2026

Article AI agents

Engineering teams keep granting agents production database writes

AI agent vulnerabilities are systems engineering failures, not security failures. The fix is architectural containment, not better prompts or guardrails.

Apr 27, 2026

Article cybersecurity

Lagos published guidelines, not controls

Lagos cybersecurity guidelines describe intent, not enforcement. An operator analysis of why policy without system-level controls does not stop attackers.

Apr 27, 2026

Article cybersecurity

Pick offense or defense

Two paths into infosec - offense and defense - broken down at the mechanism level. Foundation, tooling, telemetry, and the divergence point.

Apr 27, 2026

All articles → All stories →

The Wire — latest

All →

Stay in the loop

New writing delivered when it's ready. No schedule, no spam.