cybersecurity
43 posts
The 2021 bucket that sat open for nine years
Abandoned files, forgotten buckets, and stale subdomains are the cheapest way attackers get in. Here is how to find yours before they do.
The watermark proves almost nothing useful
OpenAI's adoption of Google's SynthID watermark is a useful but partial signal. Here's what it actually means for forensics and security teams.
What a $5 VPS honeypot taught me
An open-source honeypot probe database queryable via curl, HTTP, and MCP - what it catches, why it helps small defenders, and where the risks actually sit.
Microsoft's patch cadence is not the problem
The Exchange zero-day is the fifth in the same pattern since 2021. Why patching faster is not the fix, and what actually reduces blast radius.
Stealth Playwright breaks your bot detection
A circulating stealth Playwright Firefox build is reported to pass antibot and captcha, exposing the limits of any control that delegates verification to the client.
A junior operator, an API key, a hundred payloads
Google warns AI-powered hacking has reached industrial scale. Practical operational resilience steps for defenders facing faster, cheaper, adaptive attacks.
The router is signing its own logs
Iran's claim about US backdoors in networking equipment describes an exposure pattern already present. The device is an actor, not infrastructure.
CVE-2026-3854 puts GitHub inside your trust boundary
CVE-2026-3854 enables RCE on GitHub.com and Enterprise Server. Why platform compromise becomes customer compromise across identity, secrets, and artefacts.
Itron's 8-K names an IT intrusion
Itron disclosed an internal IT breach. Technical analysis of attack vectors, supply chain blast radius, and what utility defenders should assume.
Lagos published guidelines, not controls
Lagos cybersecurity guidelines describe intent, not enforcement. An operator analysis of why policy without system-level controls does not stop attackers.
Pick offense or defense
Two paths into infosec - offense and defense - broken down at the mechanism level. Foundation, tooling, telemetry, and the divergence point.
1,300 SharePoint servers speaking for someone else
Over 1,300 SharePoint servers expose a spoofing primitive where authentication and identity validation collapse into a single unenforced control.