Articles
Long-form writing on tech, culture, and the edges of the internet.
Four Windows 11 zero-days on one desk
One researcher controls the release cadence on four Windows 11 zero-days, including BitLocker bypass yellowkey and LPE greenplasma.
Polymarket breach claim, act now
Threat actor xorcat publicly claims a 300,000-user Polymarket data leak. Operator brief on contested boundary state, user exposure, and required posture.
Reporting the Canvas breach details is malpractice
Canvas LMS breach analysis where vector, scope, and data classes remain unconfirmed, and what structural identity exposure that creates.
The record count is not the breach
A board-level brief on the healthcare data breach: access governance did not hold at runtime, and assurance must now be proven, not assumed.
Wiper hits Venezuelan cyberattack victims
A wiper identified in the Venezuelan cyberattack resets the threat profile from intrusion to destruction. What failed, what it exposes, what must change.
Your perimeter is not absorbing this
AISLE published 38 CVEs against OpenEMR. What the volume confirms, what remains unconfirmed, and what operators must verify per deployment.
GTFOBins catalogues privilege misconfiguration
GTFOBins documents a structural property of Unix privilege: grants bind to binaries, not operations, and the gap is the escalation surface.
The kernel commit lands. Your fleet is exposed.
Linux kernel CVEs publish without distro pre-notice. The exposure window opens at upstream commit, not at advisory. Measure the right number.
The router is signing its own logs
Iran's claim about US backdoors in networking equipment describes an exposure pattern already present. The device is an actor, not infrastructure.
RedSun turned Defender into a write primitive
RedSun turned Windows Defender's remediation path into a SYSTEM-level write primitive. The mechanism, the class, and what it exposes.
Paying the ransom buys nothing here.
A ransomware build that destroys files is a wiper. The defensive failure is execution authority over data, not cryptography.
Unknown party drops funnyapp.exe Windows zeroday
A zero-day privilege escalation binary named funnyapp.exe exposes the Windows default trust model. What failed, what it exposes, what must change.