cybersecurity
43 posts
The Open Courts Act exposes what PACER fees hid
PACER's per-page fee was an accidental privacy brake. Making court records free is right - but only if redaction, governed bulk access, and security replace it.
curl pauses security report intake for July
curl is closing its vulnerability intake for July 2026 to survive AI-generated report spam, and the precedent it sets for open source disclosure.
1994's eight fallacies hit AI agents harder
The eight fallacies of distributed computing turn 21, and autonomous AI agents make every one of those architectural assumptions more dangerous.
Forum sellers timestamp breaches before victims notice
A cybercriminal's first forum sales thread is often a fresh breach - a timeline anchor, an attribution leak, and the earliest warning most orgs ignore.
The door Mythos left unlocked
Mythos is an identity management failure. Privileged access boundaries were not enforced. Lateral movement reached sensitive data.
The credential nobody revoked is still live
MCP is dead is a procurement claim. Until integrations are removed and trust artefacts revoked, runtime exposure is unchanged.
Your SSD is leaking what you're doing
How websites can use SSD response timing as a covert channel to infer user activity, and what browsers and users can do about it.
YouTube built a checkbox, not a detector
YouTube's automatic AI-generated video label is a disclosure system, not a detector. Here's what it actually does for cybersecurity and what it doesn't.
Your AI sessions are outside your control perimeter.
A board-level risk statement on the Claude AI file exfiltration demonstration: control failure, exposure, and what must be true going forward.
Your privacy settings are decoration.
Privacy is no longer a default state. A former black hat defines what failed, why it failed, and what operators must now assume.
Forge guardrails took an 8B model from 53% to 99%
A Show HN post says Forge guardrails took an 8B model from 53% to 99% on agentic tasks. Here's what that means for security and reliability.
March 2019 changed who reads binaries
Free disassemblers and decompilers changed who can audit binaries. The defender, attacker, and AI safety implications are now playing out in practice.