Complete static archive of GigaTap articles about VPN, privacy, OPSEC, and security.
- AI makes basic SaaS security harder to ignore - Microsoft’s guidance for growing businesses is vendor-led, but the practical point is real: AI tools inherit your identity, access, and data-control mistak
- Amazon’s tariff refund lawsuit tests who owns the rebate - A proposed class action says Amazon passed tariff costs to customers but did not refund them after the tariffs were ruled unlawful. The claim is still unpr
- EFF’s email tracking change tests consent in practice - EFF says most privacy policy changes are clarifications, but one new option matters: explicit opt-in tracking for email opens and clicks.
- ICE detention expansion raises a capacity and abuse risk - The ACLU says ICE detention is being scaled toward 96,000 people despite deaths and severe conditions. The core issue is capacity without matching accounta
- KernelSU and F-Droid: the real issue is build trust - A short F-Droid Forum question about KernelSU points to a larger Android root-tool problem: users are not only choosing features, but deciding which build
- LibrePlan 1.6.0 improves the work around the plan - The open-source project management platform adds email workflows, risk tracking, and broader language support. The useful question is how much friction it
- MiniPlasma PoC puts Windows SYSTEM access in play - A public PoC for the MiniPlasma Windows zero-day reportedly gives SYSTEM privileges on fully patched systems. Treat it as a post-compromise accelerant, not
- Shittier: an unconventional formatter worth checking carefully - Shittier is a TypeScript code formatter project with visible GitHub interest. The useful question is not hype, but whether its behavior fits your workflow.
- Short dramas show where AI media scales first - China’s short-drama boom shows why AI fits high-volume entertainment: the format is already fast, modular, trope-heavy, and built for constant testing.
- Siri auto-delete could make Apple’s AI pitch clearer - Apple’s reported auto-delete option for future Siri chats would fit its privacy strategy, but the real test is what gets deleted, when, and by default.
- Surveillance Abuse Needs Hard Limits - EFF’s new guide argues that weak oversight, vague laws, and poor remedies are letting digital surveillance abuses become routine in the Americas.
- Teams loses Together Mode as Microsoft trims the interface - Microsoft is retiring Teams’ pandemic-era Together Mode. The change looks less like a crisis and more like product cleanup after the remote-work surge.
- Terraria cross-play is finally moving closer - Re-Logic says cross-play is “on deck soon” as Terraria turns 15, with update 1.4.6, collector items, and a retrospective book also in view.
- The missing open-source AI app for Android - An F-Droid Forum question shows why private, open, current AI on Android is still a hard product to build — and how users should evaluate the trade-offs.
- The Musk-OpenAI trial puts AI trust on the stand - Closing arguments turned on Sam Altman’s credibility, Musk’s own record, and a larger problem: private AI labs still ask the public to trust what outsiders
- The real MCP story is workflow control - A Zapier case study shows how a small real estate team used MCP to move beyond fixed automation triggers and build an AI agent around CRM, email, and lead
- Your Trusted Admin Tools Are Part of the Attack Surface - PowerShell, WMIC, Certutil, MSBuild and other legitimate utilities can hide attacker activity in plain sight. The practical answer is context, baselines, a
- AI Abuse Starts With Ordinary Data - A professional headshot and a private phone number show the same AI-era risk: data shared for one purpose can be reused in ways people never consented to.
- Before You Add a Terminal Logo Tool - shinshin86/oh-my-logo looks like a harmless CLI flourish. Before putting it in shared workflows, check license clarity, install path, update signals, and f
- Chainguard lowers RPM friction for regulated Linux teams - Chainguard’s RHEL 9/10 RPM support and FINOS membership point to a practical goal: make secure Linux modernization less disruptive for financial institutio
- Cisco SD-WAN auth bypass: why CVSS 10 matters - Cisco patched a maximum-severity Catalyst SD-WAN Controller authentication bypass and says it has been exploited in limited attacks.
- Google Pay Adds Clearer Rules for Future Charges - Google Pay API now lets developers describe subscriptions, deferred payments, and automatic reloads more precisely inside merchant initiated transaction fl
- node-ipc on npm was tampered with — credentials were the target - A reported compromise of the popular `node-ipc` package turned a routine npm dependency into a credential-theft risk. Here is what is known, what is not, a
- ship-safe scans the new agent-era security seam - A public GitHub project claims checks for CI/CD drift, agent permissions, MCP tool injection, secrets, and AI dependency risk. Useful idea, but verify scop