Complete static archive of GigaTap articles about VPN, privacy, OPSEC, and security.
- Google’s agent stack moves from demos to developer infrastructure - Google I/O 2026 framed AI development around agents with sandboxes, CLIs, managed execution, Android skills, Chrome DevTools access, and early web standard
- Healthcare AI Is Moving Faster Than Its Evidence - AI Now’s new healthcare work focuses on the gap between vendor claims and what AI systems do to patients, workers, budgets, and accountability.
- k6 2.0 brings AI-assisted testing to the CLI - Grafana’s k6 2.0 release adds AI-oriented workflows, a clearer extension catalog, and stronger tooling for teams that need faster test authoring without lo
- LiteRT-LM makes Google’s edge AI bet more practical - Google’s LiteRT-LM pitch is less about model hype and more about the runtime details that decide whether local GenAI feels usable: memory, accelerators, MT
- Open Source Is a Security Model, Not a Slogan - Guardian Project argues that high-risk privacy tools should be inspectable by design. The useful point is not that open source is automatically safe, but t
- OpenSSF’s growth push meets CRA and AI security pressure - OpenSSF’s latest quarter is less a membership story than a sign of where open source security is moving: regulation, AI-assisted tooling, secure coding gui
- RemotePE Shows Lazarus Is Still Playing the Long Game - Fox-IT links Lazarus to a memory-only RAT used against financial and crypto targets, with staged loaders, EDR evasion, and social engineering at the front
- Robot OS flaw puts OT control paths at risk - A reported unauthenticated command injection flaw in an OT robot OS could allow remote access to robotic systems. The key task is to verify exposure, patch
- TeamPCP Turns Trusted Developer Channels Into Attack Paths - SANS reports TeamPCP activity across VS Code, PyPI, and npm, including a GitHub internal breach path, trojanized Microsoft SDK versions, and a large @antv
- Tokenized Stocks Face a Liquidity Test - Tokenized stocks can widen access, but fragmented venues may weaken pricing, liquidity, and market revenue flows.
- TrapDoor turns developer tools into credential traps - A cross-ecosystem campaign is abusing npm, PyPI, and Crates.io packages to steal developer secrets, with a newer twist: AI assistant instruction files as p
- Ubuntu Patches Intel IoT Real-Time Kernel Bugs - USN-8305-1 fixes Linux kernel issues on Intel IoT Real-time platforms, including Copy Fail in algif_aead. The patch needs a reboot, and the ABI change may
- Zero-click exposure is becoming the faster way in - Rapid7’s Q1 2026 report shows exploitation overtaking social engineering as the top initial access vector, with zero-click edge flaws, pure extortion, and
- AWS KY3P report gives customers a cleaner risk evidence path - AWS has completed its S&P Global KY3P assessment. The report can help customers reduce duplicated supplier due diligence, but it does not replace their own
- AWS Managed AD gets API-driven identity controls - AWS now lets teams manage AWS Managed Microsoft AD users and groups through Directory Service Data APIs. The useful shift is not just automation, but faste
- Chinese PhaaS moves past password theft - GTIG says Chinese-language phishing services are maturing into real-time MFA interception platforms, making OTP-based defenses a weaker line.
- ChromeOS LTS gets a quiet but serious security update - ChromeOS LTS-144 version 144.0.7559.252 fixes multiple high-severity flaws across Navigation, Blink, Viz, CSS, Media, Extensions, Web Speech, and WebCodecs
- Docker’s Gordon brings AI into the container workflow - Docker’s new Gordon agent can inspect logs, Compose files, images, and local Docker state, then propose approved fixes. The value is context; the risk is h
- Drupal SQL Injection Bug Is Already Being Probed - CVE-2026-9082 affects PostgreSQL-backed Drupal sites. Exploit attempts are now being detected, making patch status and database backend checks urgent.
- EOL Dependencies Need Their Own Risk View - Sonatype’s HeroDevs dashboard points to a real supply-chain gap: unsupported dependencies are not just old packages, and CVE workflows alone may not resolv
- GitHub’s probe puts repository trust back in focus - GitHub said it was investigating unauthorized access to internal repositories. The current facts are narrow, but the operational lesson is broad: repositor
- Kali365 Shows the New MFA Phishing Problem - The FBI says Kali365 abuses Microsoft’s device code login flow to hijack Microsoft 365 sessions. The risk is not just stolen passwords. It is users authori
- Kenya’s protest rights face continental scrutiny - ARTICLE 19 used an African Commission session to raise concerns over Kenya’s digital freedom, media freedom, and the right to peaceful assembly.
- Laravel Lang Backdoor: Check Composer Before Secrets Leak - Socket reports a compromise in third-party Laravel Lang packages, with malicious Composer autoload code able to execute and harvest cloud, CI/CD, and devel