Complete static archive of GigaTap articles about VPN, privacy, OPSEC, and security.
- Package Traffic Control Moves Supply Chain Security to the Edge - JFrog’s Package Traffic Controller targets a real blind spot: package downloads that bypass Artifactory and never enter the audit trail.
- pnpm 11.4 makes locked installs harder to silently subvert - pnpm 11.4 turns tarball integrity mismatches into hard failures and tightens several install-time trust boundaries around credentials, git resolutions, pat
- Poisoned search is now finding better GPUs - Microsoft reports a cryptojacking campaign using poisoned search, fake utility downloads, DLL sideloading, and abused ScreenConnect to reach GPU-rich PCs.
- Roblox FTC complaint turns safety claims into an ops risk - EPIC says several groups backed an FTC request over Roblox child safety claims. The key issue is whether platform promises match operating reality.
- Software Supply Chain Risk Is Moving Upstream - Feross Aboukhadijeh’s TBPN interview frames the practical risk: AI is increasing dependency use, vulnerability volume, and pressure on maintainers.
- Tool sprawl is becoming an incident-response tax - A BleepingComputer webinar points at a real operational problem: network incidents slow down when responders must stitch together dashboards, tickets, chat
- AD Password Policy: Stronger Without User Friction - Strong AD password policy now means longer passphrases, breached-password blocking, usable recovery, and clear user feedback.
- Agentic AI Is Growing, But Still on a Leash - Stack Overflow’s new survey points to fast agent adoption among developers, but the workplace pattern still looks monitored, single-agent, and constrained.
- AI Agents Need a Tool Registry Before Sprawl Wins - MongoDB argues that enterprise AI agents need internal tool registries. The real point is governance: teams cannot secure or reuse tools they cannot see.
- AI DDoS Is a Readiness Problem, Not Just a Bigger Flood - The source is promotional and thin on incident detail, but the defensive signal is real: DDoS playbooks need to handle faster probing, adaptive traffic, an
- Android’s agent shift changes the developer trust model - Google’s I/O Android updates are pitched as productivity gains. The deeper issue is permission design for agents that can inspect, test, generate, port, an
- Apex One zero-day turns admin access into agent risk - Trend Micro fixed an actively exploited Apex One on-premises server flaw. The bug requires prior admin access, but it can affect the endpoint management co
- AWS’s Kiro CLI AMI workflow: useful, if reviewed - AWS shows how Kiro CLI can help draft and troubleshoot EC2 Image Builder AMI pipelines. The safe value is reviewable IaC, not prompt-driven production chan
- Bill C-22 makes VPN metadata a security issue - Tailscale warns that Canada’s Bill C-22 could push secure services to collect more data, retain more metadata, and build new access paths.
- CDT Submits Comments: Teen Chatbots Need Rights, Not Bans - CDT’s filing offers a practical lens for governing teen chatbot access without reducing minors to a risk category.
- CERT-In’s 12-Hour Patch Window Is a Warning About Exposure - CERT-In is urging faster remediation for exploited internet-facing flaws as AI-assisted attack workflows compress defender response time.
- Charter Breach Claim Exposes a SaaS Identity Weak Spot - Charter confirms a security incident after a ShinyHunters extortion threat, but disputes claims that sensitive customer and CPNI data were stolen.
- Docker’s Copy Fail fix is about kernel surface, not a breach - Docker says CVE-2026-31431 does not compromise its infrastructure, but older Docker Engine profiles exposed the AF_ALG socket surface used by the exploit p
- First VPN takedown exposes the weak side of criminal anonymity - Law enforcement says First VPN was used by at least 25 ransomware gangs. The lesson is provider trust, seized data, and criminal-market dependency risk.
- GitHub Code Quality Gets an API for Repository Rollout - GitHub’s new public preview API lets teams enable, inspect, and configure Code Quality per repository. The real value is scale: inventory, drift detection,
- Glassworm Shows Why Developers Are the New Supply Chain Target - CrowdStrike, Google, and Shadowserver disrupted Glassworm infrastructure, but the deeper lesson is about developer accounts, extensions, ads, and release t
- Google and NVIDIA Push AI Builders Toward the Stack - The 100,000-member milestone is less important than the roadmap: more structured learning around LLM optimization, GPU analytics, and agentic AI.
- Grafana’s Missed Token Shows the Real CI/CD Risk - Grafana says one GitHub workflow token missed during post-TanStack incident response allowed attackers to access private repositories.
- IntelliJ IDEA 2026.2 EAP tests AI without dropping control - JetBrains opened the IntelliJ IDEA 2026.2 EAP with deeper agent hooks, better debugging visibility, dependency completion, migration tooling, and early pla