Complete static archive of GigaTap articles about VPN, privacy, OPSEC, and security.
- Swat River vs hydropower: a Torwali test of consent and safeguards - Torwali communities say the Swat River is being treated as infrastructure, not a living system. A reported cabinet withdrawal is a win — but the financing,
- The Hidden Tax of Broken LinkedIn Ad Attribution - Broken attribution is not just a reporting annoyance. It drains team time, weakens LinkedIn optimization signals, and turns performance reporting into a we
- The new ~/Projects default and a week of Linux supply-chain reality - A new standard Projects directory is meant to become an app default, not just a personal habit. The same weekly digest also flags a PyPI workflow breach, a
- Trivy adoption checklist: what to verify before rollout - Trivy has broad scanning scope and active public repository signals. Before adopting it, teams should check deployment model, maintenance cadence, output h
- When F-Droid Misses Tags, Updates Go Dark - A small F-Droid tag detection issue shows why Android update delivery is a security trust chain, not just a build step.
- agenticSeek and the local AI agent trade-off - agenticSeek promises a local autonomous AI agent without paid APIs. The useful question is not the pitch, but what users should verify before trusting it.
- AWS code scanning preview targets whole-repo security gaps - AWS Security Agent now has a preview full-repository scanning feature. The key shift is context-aware review across code paths, not just pattern matching.
- Beelzebub: what to check before deploying AI deception - Beelzebub is an open source Go deception framework with AI and honeypot positioning. Here is what teams should verify before treating it as operational infrastructure.
- Canada’s C-22 Revives the Backdoor Fight - EFF says Canada’s Bill C-22 keeps core risks from an earlier surveillance bill: metadata retention, secret access orders, and unclear limits around encrypt
- Canvas portals defaced again — the real risk is user trust - ShinyHunters is reported to have breached Instructure again, exploiting a vulnerability to deface Canvas login portals for hundreds of institutions. What’s
- CISA KEV Alert: Skia and V8 Bugs Are Not Just Browser Problems - CISA added exploited Skia and V8 flaws to KEV, raising urgency for browsers, Electron/CEF apps, and rendering services.
- Composer token leak risk: update before CI logs bite - A GitHub token format change exposed a Composer error path that could print Actions tokens into CI logs. PHP teams should update Composer and review recent
- Digital Harm Is Protection Work in Conflict Zones - Access Now’s May 19 webinar highlights why civil society groups must treat digital risk as a core protection issue in crises.
- Dirty Frag: a Linux root chain that sidesteps “safe defaults” - A reported unpatched Linux kernel LPE (CVE-2026-31431) chains xfrm/ESP and RxRPC page-cache writes, aiming to reach root across common distro configuration
- Exam Shutdowns Are a Bad Anti-Cheating Policy - Exam-related internet shutdowns are spreading despite thin evidence and broad social harm.
- Hysteria: a fast proxy project for hard networks - Hysteria is a Go-based open-source proxy project aimed at censorship resistance and difficult network conditions. Here is what the repository metadata supp
- Ireland’s Meta Probe Tests the DSA’s Real Force - Ireland is investigating whether Meta’s feed design blocks users from choosing non-profiled recommendations. The case could decide whether DSA rights becom
- MetInfo RCE Is Being Exploited. Patch Timing Matters - MetInfo CMS CVE-2026-29014 is now under active exploitation. Here is what the bug does, which versions are named, and what operators should verify next.
- PAN-OS RCE: Treat Edge Exposure as the Incident - CVE-2026-0300 shows why edge-device RCE demands fast exposure reduction, containment planning, and behavioral hunting.
- Signal on F-Droid? Reproducible Builds Are Only Step One - A new F-Droid forum thread points to reproducible Signal builds, but auditability is not the same as a safe Play Store replacement.
- Trivy scans the places modern security debt hides - A concise look at Aqua Security’s Trivy: what the open source scanner claims to cover, where it fits, and what teams should verify before relying on it.
- Vendor Says Daemon Tools Supply Chain Attack Contained - SecurityWeek reports the Daemon Tools vendor says it identified impacted systems, removed potentially compromised files, and validated installation package
- When an FBI Leak Probe Tests the First Amendment - A reported FBI probe into The Atlantic’s Patel coverage raises a core press-freedom question: leak enforcement or retaliation?
- 100% package test coverage is the point, not the slogan - Chainguard says its OS tests every package automatically, with 100% package test coverage. The useful question is not whether that sounds good, but what it