Articles
Long-form writing on tech, culture, and the edges of the internet.
Kernel UAF reachable from user namespace
CVE-2026-29144 Dirty Frag - Linux kernel IP fragment reassembly UAF gives unprivileged users root across major distros. Mechanism, exploitation path, telemetry gaps.
One message, credentials gone
CVE-2026-44843 enables credential theft on inbound chat message receipt. Operator breakdown of the failure boundary and required posture changes.
The Canvas breach numbers are not real yet
Analysis of the referenced Canvas breach: what is confirmed, what is not, and why disclosure scope determines real user exposure in tenant-administered systems.
The dashboard pushed every critical CVE to GitHub
Technical analysis of a unified vulnerability dashboard pushed to a public GitHub repo, the scanner token blast radius, and what defenders actually see.
The LinkedIn leak is not a privacy incident
A LinkedIn data leak is not a privacy event. It is pre-staged targeting data for credential harvesting. Operator briefing on what must now be true.
The number on the screen is a guess
The Canvas hack scope is not confirmed. A senior operator breakdown of what failed, what is rumour, and what users must now do.
User namespaces are still a root pipe
Dirty Frag is a Linux kernel UAF in IP fragment reassembly reachable via unprivileged user namespaces. CVSS 7.8. Mechanism, telemetry gaps, patch boundary.
Your inbox is now your credential store.
CVE-2026-44843 turns a chat message into credential theft. Operator briefing on what failed, what is not confirmed, and what must now be true.
Your patched kernel is still vulnerable
Dirty Frag - CVE-2026-31337, CVSS 7.8 - is a UAF in the Linux kernel's IPv4 fragment reassembly path. Container-to-host root on every major distro.
Z3R0DAY refuses to model unconfirmed Canvas breach
A breach claim referencing Canvas has been raised. Scope, vector, and data classes are not confirmed. Exposure cannot be quantified from the input.
GTFOBins catalogues privilege misconfiguration
GTFOBins documents a structural property of Unix privilege: grants bind to binaries, not operations, and the gap is the escalation surface.
The kernel commit lands. Your fleet is exposed.
Linux kernel CVEs publish without distro pre-notice. The exposure window opens at upstream commit, not at advisory. Measure the right number.