Complete static archive of GigaTap articles about VPN, privacy, OPSEC, and security.
- Crypto clipper adds Tor and worm-like spread to theft model - Microsoft analysis shows crypto clipper evolving into a persistent threat combining clipboard hijacking, Tor-based control, and worm-like propagation.
- US Government AI Inventory Raises Privacy Questions - US agencies list 3,611 AI use cases, exposing gaps in transparency and raising questions about automated decision-making and privacy.
- BCI moves from trial to real use as AI national strategy expands - A brain implant user with ALS signals early real-world BCI use while South Korea accelerates national AI focus and infrastructure alignment.
- Canada’s Bill C-22 Pushes Encryption Toward Built-In Access Risk - Bill C-22 expands surveillance powers in Canada and introduces mechanisms that could force access paths into encrypted systems, raising structural privacy
- Postinstall payloads in npm supply chains and Mastra breach - Mastra npm packages were compromised through a postinstall hook that executed during install, exposing CI/CD pipelines and developer environments to remote
- Security beyond benchmarks: Microsoft MDASH moves to production - Microsoft’s MDASH moves from benchmark success into live engineering pipelines, embedding AI-driven vulnerability discovery directly into DevSecOps workflo
- VHDX Delivery Chain Hides Remcos RAT via JavaScript Stage - A ZIP file uses a VHDX disk image to expose JavaScript after auto-mounting on Windows, leading to Remcos RAT deployment through layered execution.
- Wolf Gallery and the F-Droid packaging bottleneck - Wolf Gallery’s F-Droid request shows how strong local encryption and offline design still depend on packaging work before reaching users through trusted di
- Schibsted Pay or Okay raises consent legality questions - Schibsted’s Pay or Okay rollout faces a complaint in Norway over whether paid opt-outs still count as freely given consent under GDPR.
- Abortion Access Blocks Across 7 Countries via Network Censorship - OONI data shows Women on Web blocked across seven countries using DNS and TLS interference, revealing how network censorship impacts abortion access.
- AI branding as phishing leverage in modern attacks - Threat actors are using AI platform branding as a trust layer on top of standard phishing infrastructure, increasing engagement without changing core attac
- AI coding agents need access, not custody - 1Password’s Codex integration points to a cleaner model for agentic development: scoped, just-in-time credentials that stay out of prompts, code, terminals
- AI found the bugs. Now comes the patch problem - Anthropic’s Project Glasswing reportedly surfaced thousands of serious vulnerability candidates. The real issue is the widening gap between discovery, vali
- AI Security Budgets Shift From Tools to Control - AI security budgets are moving toward lifecycle governance of agentic systems. Visibility is no longer enough without enforcement across development and pr
- Atomic Arch Shows How Orphaned AUR Packages Become Attack Paths - Atomic Arch targets abandoned AUR packages by modifying build scripts to install malicious npm or Bun dependencies during install, enabling credential thef
- California Targets Surveillance Pricing and Privacy Risk - A California bill would ban surveillance pricing, where personal data influences what customers pay for the same product.
- ChatGPhish Shows the Phishing Risk Inside AI Summaries - Permiso’s ChatGPhish disclosure points to a practical risk: trusted Markdown rendering can make AI web summaries part of the phishing surface.
- Cinemas as civic infrastructure when speech narrows - AIHRFF shows why film can matter in shrinking civic spaces: not as a magic route to policy change, but as a platform for testimony, coalition-building, and
- Coinbase Backs Ethena, but the Risk Is in the Product Details - Coinbase Ventures bought ENA as Ethena prepares for a Coinbase savings integration. The real issue is how clearly yield, custody, and stress risks are show
- Developer Credentials Become the Supply-Chain Target - IronWorm reportedly targets developers, steals credentials, and reuses trust relationships to move through the software supply chain.
- EFF restarts LGBT Q&A Season 2 for digital privacy questions - EFF brings back LGBT Q&A Season 2, focusing on privacy risks, surveillance exposure, and anonymous digital rights questions.
- F-Droid compatibility gaps with gnirehtet reverse tethering - Reverse tethering via gnirehtet exposes a mismatch in F-Droid update logic where connectivity exists but network validation fails, blocking repository refr
- LLM agents are delegated workflows, not smarter chatbots - LLM agents can plan, call tools, and execute multi-step tasks. The value is real, but so are the risks around permissions, memory, sources, and review.
- Lost Villages Show How Ground Truth Breaks in Rakhine - Bellingcat’s Rakhine investigation shows how destroyed villages can disappear from both the ground and the record. The practical issue is evidence discipli