Complete static archive of GigaTap articles about VPN, privacy, OPSEC, and security.
- SonicWall MFA bypass shows the patch gap - Attackers reportedly bypassed MFA on SonicWall Gen6 SSL-VPN devices where firmware was updated but required LDAP remediation was not completed.
- thesvg: a useful icon package with a clear trust boundary - thesvg offers thousands of brand SVG icons for modern frontend stacks. The useful part is obvious; the package and licensing checks still matter.
- Tor Browser 15.0.14: a small update worth installing - Tor Browser 15.0.14 brings Firefox ESR and GeckoView updates plus security backports. It is a maintenance release, but users should patch promptly.
- AI Wants a World Model Now - AI companies are looking beyond fluent chatbots toward systems that can model the physical world. The promise is real, but so are the limits.
- AI-written code is becoming normal. Review is the bottleneck - Anthropic’s developer event showed how far AI coding has moved from autocomplete to delegation. The hard question is whether teams can still review what th
- Canvas breach turns platform trust into a school outage problem - A Canvas extortion incident disrupted schools during exams. The confirmed data categories are narrower than attacker claims, but the operational risk is al
- CISA GitHub Leak Shows the Cost of Exposed Build Secrets - A contractor-maintained public repository reportedly exposed privileged AWS GovCloud credentials and CISA internal system details. The known facts are seri
- Compromised npm packages put CI/CD secrets at risk - Microsoft says malicious @antv npm packages targeted GitHub Actions and cloud credentials through install-time execution.
- Copy.Fail Shows Why “Local” Linux Bugs Are Not Local - Copy.Fail is reported as a Linux kernel privilege escalation with a working PoC. The risk is not just root on one box, but shared kernels across containers
- CVEScannerV2: Nmap findings need verification - CVEScannerV2 maps Nmap-discovered services to probable vulnerability leads. Useful for triage, but its output should be verified before any security conclu
- Grafana breach shows how one CI token keeps access alive - Grafana says attackers downloaded code and internal GitHub data after the TanStack supply-chain attack. Production systems and Grafana Cloud were not affec
- Local Government Cyber Risk Is Now a Data-Rights Fight - CDT’s House testimony frames state and local cybersecurity as a privacy and public trust issue, especially if federal support weakens.
- Microsoft’s agent safety tools move testing into CI - RAMPART and Clarity show how agent safety is becoming an engineering workflow: test scenarios, design checks, and reproducible incident handling.
- Patch Tuesday gets quieter, but the patch race speeds up - Microsoft’s May 2026 update has no cited zero-days, but 118 fixes and broader vendor patch surges show how AI-assisted bug discovery may be changing securi
- Secure file sharing is only useful if it can be proven - Many businesses claim secure file sharing. The real test is whether access, encryption, link expiry, logging, and offboarding hold up in daily work.
- Snyk’s AI Security Push Moves Closer to the Code - Snyk is betting that AI-generated code needs security controls inside developer workflows, backed by partners who can implement governance at enterprise sc
- Storm-2949 shows how identity becomes the cloud perimeter - Microsoft says Storm-2949 used stolen credentials to turn identity compromise into a cloud-wide breach without malware. The lesson is narrow but important:
- The ACLU’s case for suing federal agents - The ACLU wants Congress to restore legal paths for people to sue federal officers and agencies when constitutional rights are allegedly violated.
- The web’s JavaScript trust gap - Mozilla’s new post points at a hard problem for sensitive web apps: browsers can isolate code, but users still have to trust what the server just delivered
- RightsCon Cancellation: A Lost Coordination Layer - RightsCon’s cancellation matters not only as an event loss, but as a blow to digital rights coordination infrastructure.
- AntV npm packages hit by maintainer account compromise - Snyk reports 300+ malicious package versions across the AntV ecosystem. The useful question is whether your builds installed them and what secrets were exp
- Boston Metal’s critical-metals bet is about survival - The green-steel startup raised $75 million after delays in Brazil. Its near-term test is whether higher-value metals can prove the technology before steel
- Evidence needs an archive, not just a feed - OpenArchive’s Save app shows why mobile evidence needs privacy, provenance, redundancy, and community control before platforms or devices fail.
- Fox Tempest shows why signed malware still matters - Microsoft says Fox Tempest ran a malware-signing service used by other criminal groups. The lesson is narrow but important: signatures help trust, but they