RC RANDOM CHAOS
RC RANDOM CHAOS

Tech · Culture · Fiction

Article

CVE-2026-3854 puts GitHub inside your trust boundary

CVE-2026-3854 enables RCE on GitHub.com and Enterprise Server. Why platform compromise becomes customer compromise across identity, secrets, and artefacts.

Article physical security

A postcard breached a warship

A 5 dollar Bluetooth tracker hidden in a postcard broadcast a 585 million dollar warship's position for 24 hours. The control that failed was classification.

Article honeypot

Binding 65535 ports is the easy part

Architecture and evasion realities of an LLM honeypot binding all 65535 ports - TPROXY, latency tiers, fingerprint defence, and detection traps.

Article excel vulnerability

CISA flagged a 17-year-old Excel flaw

A 17 year old Excel flaw is being actively exploited and flagged by US cyber defence. Operator analysis of what failed, why, and what must change.

Article AI agents

Engineering teams keep granting agents production database writes

AI agent vulnerabilities are systems engineering failures, not security failures. The fix is architectural containment, not better prompts or guardrails.

Article cybersecurity

Lagos published guidelines, not controls

Lagos cybersecurity guidelines describe intent, not enforcement. An operator analysis of why policy without system-level controls does not stop attackers.

Article cybersecurity

Pick offense or defense

Two paths into infosec - offense and defense - broken down at the mechanism level. Foundation, tooling, telemetry, and the divergence point.

The Wire — latest

All →

Stay in the loop

New writing delivered when it's ready. No schedule, no spam.