GigaTap knowledge base with practical VPN, privacy, OPSEC, software security, and tool-adoption guides.
- English article archive - Full static archive of English articles.
- Russian article archive - Full static archive of Russian articles.
- VPN guides - Setup, client import, troubleshooting, and protocol notes.
- Privacy guides - Browser hardening, public Wi-Fi, tracking, and data hygiene.
- Security guides - Supply-chain risk, tools, AI-agent boundaries, and defense notes.
- OPSEC guides - Threat models, compartmentalization, and safer daily workflows.
- Crypto clipper adds Tor and worm-like spread to theft model - Microsoft analysis shows crypto clipper evolving into a persistent threat combining clipboard hijacking, Tor-based control, and worm-like propagation.
- US Government AI Inventory Raises Privacy Questions - US agencies list 3,611 AI use cases, exposing gaps in transparency and raising questions about automated decision-making and privacy.
- BCI moves from trial to real use as AI national strategy expands - A brain implant user with ALS signals early real-world BCI use while South Korea accelerates national AI focus and infrastructure alignment.
- Canada’s Bill C-22 Pushes Encryption Toward Built-In Access Risk - Bill C-22 expands surveillance powers in Canada and introduces mechanisms that could force access paths into encrypted systems, raising structural privacy
- Postinstall payloads in npm supply chains and Mastra breach - Mastra npm packages were compromised through a postinstall hook that executed during install, exposing CI/CD pipelines and developer environments to remote
- Security beyond benchmarks: Microsoft MDASH moves to production - Microsoft’s MDASH moves from benchmark success into live engineering pipelines, embedding AI-driven vulnerability discovery directly into DevSecOps workflo
- VHDX Delivery Chain Hides Remcos RAT via JavaScript Stage - A ZIP file uses a VHDX disk image to expose JavaScript after auto-mounting on Windows, leading to Remcos RAT deployment through layered execution.
- Wolf Gallery and the F-Droid packaging bottleneck - Wolf Gallery’s F-Droid request shows how strong local encryption and offline design still depend on packaging work before reaching users through trusted di
- Schibsted Pay or Okay raises consent legality questions - Schibsted’s Pay or Okay rollout faces a complaint in Norway over whether paid opt-outs still count as freely given consent under GDPR.
- Abortion Access Blocks Across 7 Countries via Network Censorship - OONI data shows Women on Web blocked across seven countries using DNS and TLS interference, revealing how network censorship impacts abortion access.
- AI branding as phishing leverage in modern attacks - Threat actors are using AI platform branding as a trust layer on top of standard phishing infrastructure, increasing engagement without changing core attac
- AI coding agents need access, not custody - 1Password’s Codex integration points to a cleaner model for agentic development: scoped, just-in-time credentials that stay out of prompts, code, terminals
- AI found the bugs. Now comes the patch problem - Anthropic’s Project Glasswing reportedly surfaced thousands of serious vulnerability candidates. The real issue is the widening gap between discovery, vali
- AI Security Budgets Shift From Tools to Control - AI security budgets are moving toward lifecycle governance of agentic systems. Visibility is no longer enough without enforcement across development and pr