Complete static archive of GigaTap articles about VPN, privacy, OPSEC, and security.
- Mini Shai-Hulud: Where SLSA L2 Breaks - Valid SLSA attestations did not prevent a CI/CD compromise. Cache poisoning and token leakage exposed the limits of SLSA L2 isolation assumptions.
- Node-gyp Supply Chain Worm: Install-Time Execution Risk - A npm supply chain worm abuses node-gyp install-time builds via binding.gyp, bypassing lifecycle-script monitoring and exposing CI and cloud credentials.
- PoC-in-GitHub update: useful signal, weak proof - A fresh PoC-in-GitHub auto update is worth triage, but it does not prove exploitability, active abuse, or patch priority by itself.
- Push MFA Is the Weak Link Attackers Keep Pressing - Prompt bombing does not break MFA. It exploits weak MFA design, stolen passwords, and a user asked to approve a login with too little context.
- Reconstructing AI activity in security investigations - Microsoft defines a structured way to rebuild AI interactions into a coherent investigative timeline using scope, context, and signal across security telem
- ShinyHunters Exploit Hits PeopleSoft Before Patch Window Closed - UNC6240 activity shows zero-day exploitation of Oracle PeopleSoft Environment Management, heavily impacting higher education systems before advisory releas
- SignalTrace ALPR: From vehicle tracking to identity graphs - Roadside ALPR systems are merging plate reads with device signals, shifting surveillance from vehicles to probabilistic identity inference.
- Skill scanners fail against adaptive agent supply chain attacks - Static scanners for agent skills break under simple obfuscation and indirection, exposing structural limits in current software supply chain defenses.
- Skyway Model for OSS Security and Supply Chain Risk - OpenSSF Community Day 2026 reframes OSS security as a connected system problem across tooling, identity, and governance in the software supply chain.
- Supply-Chain Warnings Hide in Ordinary Access Sales - Underground GitHub access, leaked repositories, OAuth tokens, and API keys can become supply-chain risk when they touch trusted delivery paths.
- Tails 7.8.1 closes kernel escalation risk in anonymity stack - Emergency release fixes a Linux kernel privilege escalation flaw and Tor client vulnerabilities that could enable full system control under chained attacks
- TeamPCP supply chain shifts into reusable worm tradecraft - The TeamPCP campaign evolves from targeted intrusion into reusable supply-chain worming across npm and CI/CD pipelines, challenging provenance and attribut
- Turn specs into evals with ASSERT for agent testing - ASSERT converts natural-language behavior specs into executable evaluations for AI agents, aligning testing with real system intent and trace-level behavio
- Koofr Vault and the Trust Shift Behind Zero-Knowledge Storage - A look at Koofr Vault's open-source, zero-knowledge design, what it changes in the trust model, and what users should verify before relying on it.
- Laravel Lang tag hijack turned old versions into malware - Attackers rewrote GitHub release tags for third-party Laravel Lang packages, causing Composer installs to pull credential-stealing malware from what looked
- NetBird v0.72.3 Focuses on VPN Reliability, Not New Features - NetBird v0.72.3 hardens routing, relay fallback behavior, DNS handling, and debug-data protection while adding experimental Kubernetes support.
- North Mini Code: the operational check behind the model release - Cohere’s North Mini Code gives developers an open coding model for agentic workflows. The real test is harness reliability, tool access, and privacy risk.
- PPE Bans Raise a Larger Risk Than Reporter Safety - Restrictions on protective gear at protests may affect more than journalists. They can reduce independent observation when public scrutiny matters most.
- Secret Scanning Is Only Useful If Teams Trust the Alerts - GitHub says it reduced secret-scanning false positives with context-aware LLM verification. The bigger story is signal quality in software supply chain sec
- DOJ Press Protection Questions Move Into Court - A new FOIA lawsuit seeks records that could reveal whether statutory protections for journalists were omitted during warrant applications.
- Malicious packages turn installs into credential theft - A Sicoob-themed NuGet package reportedly stole banking API material, while npm packages targeted cloud and CI/CD secrets. The operational fix starts with a
- Who Gets to Decide Who Counts as a Journalist? - A dispute in New Jersey highlights a broader press freedom question: can police decide who qualifies for journalistic protections?
- Turning Threat Signals Into Real-Time WAF Decisions - Cloudflare now lets customers use Cloudforce One intelligence directly inside WAF rules, reducing the gap between threat detection and enforcement.
- Dependency Confusion Still Works — and Attackers Know It - A malicious npm campaign used dependency confusion to profile developer and build environments, highlighting persistent supply-chain weaknesses.