Complete static archive of GigaTap articles about VPN, privacy, OPSEC, and security.
- Kubernetes CVEs will look louder because the records were wrong - Kubernetes is updating old CVE records to show several architectural risks remain unfixed across all versions. Scanner findings may increase, but the expos
- Linux gets age-check carve-outs as state laws meet reality - California and Colorado are revising age-verification rules so open-source operating systems, repositories, and container platforms are not treated like ce
- Malicious npm package went after Claude workspace files - A reported npm package used install-time execution to upload files from Claude’s local user-data directory to GitHub, showing how AI workspaces are becomin
- Old Nexus repositories are now supply-chain risk - Sonatype warns that older Nexus Repository deployments, especially OrientDB-era systems, face serious CVE exposure. The fix is not just patching; it is mod
- OSV’s 157 Withdrawn Malware Reports Show a CI/CD Risk - Automated false positives hit npm and PyPI packages, then flowed into OSV-consuming tools. The issue is not just bad data, but enforcement built on fast-mo
- Plate Readers Are Becoming School Residency Tools - EFF’s ALPR audit-log analysis shows police using Flock Safety data for school residency checks and other low-level matters, not only serious crime.
- Ruby 4.0.5 Fixes a Runtime Memory Safety Bug - Ruby 4.0.5 is a focused maintenance release: one CVE fix, one build regression fix, and a stable-release cadence teams can plan around.
- SharePoint RCE patch: low privilege is the real risk - Microsoft patched CVE-2026-45659, a SharePoint Server RCE reachable by authenticated Site Members. No active exploitation is confirmed, but the patch deser
- Supply chain attacks punish long-lived secrets - AWS’s latest guidance is a reminder that package attacks become worse when CI/CD and developer environments expose durable credentials.
- TanStack KEV entry turns npm trust into the real risk - CVE-2026-45321 is thin on technical detail but clear on impact: malicious npm publication under trusted identity and credential-stealing risk.
- AI agents expose the stack you avoided fixing - Elastic’s checklist is a useful reminder: agent failures often start in data quality, context retrieval, legacy integration, monitoring, and governance.
- AI coding agents now need a governed supply chain - JFrog’s OpenCode integration points to a real shift: agents that install packages, publish artifacts, and add MCP servers need deterministic trust paths, n
- Akamai Signals in Auth0: Edge Risk Meets Login Control - Auth0’s Akamai Supplemental Signals support lets teams use edge bot and account-risk telemetry inside identity flows for MFA, registration denial, and more
- AntV npm compromise: why trusted packages still broke - A compromised npm maintainer account pushed malicious AntV-linked package versions that stole credentials through install hooks. The key lesson is not just
- Azure Backup for AKS dispute shows a CVE gap - A researcher says Microsoft silently fixed an Azure Backup for AKS issue after rejecting it. Microsoft says the behavior was expected. Defenders still need
- Canvas Shows How SaaS Risk Becomes Classroom Risk - ReversingLabs’ Canvas report is a supply-chain warning for schools: a SaaS weakness can become an exam-week outage, data incident, and continuity problem a
- Cargo Symlink Bug Hits Third-Party Registry Trust - CVE-2026-5223 lets malicious crate tarballs from third-party registries overwrite another crate’s cached source. crates.io users are largely protected by u
- Copilot for Eclipse Is Now Inspectable - GitHub opened the Copilot for Eclipse plugin source. The useful part is not hype; it is visibility into the IDE layer where context, prompts, chat, and age
- Django 6.1 alpha 1 is for testing, not deployment - Django 6.1 alpha 1 marks feature freeze for the next release cycle. Teams should use it to test compatibility now, but keep it out of production.
- etcd 3.7 Beta Tests a Real Kubernetes Pain Point - etcd v3.7.0-beta.0 introduces RangeStream for large result sets and starts the lifecycle pressure on 3.4 users. Operators should test now, not after GA.
- GitLab Adds a CI Component Map for Version Drift - GitLab 19.0 gives platform teams visibility into where shared CI components are used, which versions are running, and where stale pipeline standards still
- GitLab’s SBOM scanner shifts dependency triage toward exposure - GitLab 19.0 adds SBOM-based dependency scanning with transitive tracing, reachability signals, and policy enforcement. The useful part is not the SBOM labe
- Godot’s Asset Store raises a real trust-model question - A new F-Droid forum post argues that Godot’s planned move from an open Asset Library to a closed Asset Store may justify a NonFreeNet warning. The concern
- Google turns AI Edge Gallery into a local-agent testbed - AI Edge Gallery now supports MCP, notification routines, chat history, and prompt controls. The useful question is where local reasoning ends and tool exec