Complete static archive of GigaTap articles about VPN, privacy, OPSEC, and security.
- A Free Signal Guide Worth Passing Along - EFF is offering a free Signal guide in English and Spanish, plus short companion guides, to make secure messaging easier to adopt and share.
- Air-Gapped Software Deployment: What Zarf Tries to Standardize - An OpenSSF podcast episode outlines Zarf’s goal: package images, charts, and supporting files into a transferable bundle for air-gapped environments—and us
- Beelzebub: AI-shaped deception worth testing carefully - Beelzebub is a Go-based deception and honeypot framework with AI and LLM security framing. It is interesting for research, but teams should verify isolatio
- Chrome 149 hits Beta — what desktop users should watch - Chrome 149 is now in Beta for Windows, Mac, and Linux. Google’s note is sparse, so the main takeaway is the channel shift and what testers should verify ne
- Chrome Beta 149 lands on iOS, details still thin - Google has released Chrome Beta 149 for iOS, but the public note is brief: build 149.0.7827.2 is rolling into the App Store, with only a partial Git log fo
- CMMC Phase 2: The New Contract Gate for CUI - CMMC Phase 2 turns NIST 800-171 into a contract condition, while GSA awards are already enforcing the same baseline.
- Dify: a large agent workflow stack, not a small library - GitHub metadata points to Dify as a platform for agentic workflow development, with low-code/no-code, orchestration, RAG, and MCP in scope. Here is what th
- DRØGR asks F-Droid for help without giving up opsec - A developer is asking the F-Droid community to package DRØGR, a serverless P2P messenger that claims zero-persistence design and traffic-resistance feature
- Email Phishing Is Moving to Links—Here’s Why It Matters - Microsoft’s Q1 2026 telemetry shows phishing shifting toward links, QR lures, CAPTCHA gates, and resilient PhaaS operations.
- Equinox OSGi console exposure can turn into remote code execution - NVD flags CVE-2023-54344 as a critical RCE risk in Eclipse Equinox OSGi 3.7.2 and earlier. The key question is simple: is the OSGi console port reachable a
- Equinox OSGi console RCE: check if telnet is exposed - NVD describes an unauthenticated RCE path in Eclipse Equinox OSGi (3.8–3.18) via the console’s fork command over telnet. The key question: is your OSGi con
- Exposed ADB is still a botnet on-ramp for DDoS - Researchers say a Mirai-derived botnet, xlabs_v1, targets internet-exposed ADB (TCP/5555) on Android/IoT devices to build rentable DDoS capacity aimed at g
- GPU Rowhammer on NVIDIA Ampere: When GDDR Bit Flips Can Threaten Host Memory - Researchers reportedly demonstrated GPU Rowhammer attacks on two NVIDIA Ampere cards that use GDDR bit flips to gain control of CPU memory—if IOMMU protect
- HexStrike AI: agents meet 150+ security tools - HexStrike AI is a Python MCP server that claims to connect AI agents to 150+ cybersecurity tools. The repo is worth watching, but the metadata alone does n
- InvisibleMan-XRayClient: What to Check Before Using It - A practical look at the public GitHub metadata for InvisibleMan-XRayClient, what problem it appears to solve, and what users should verify before trusting it.
- Microsoft’s security push for AI agents is getting concrete - A Microsoft Security Blog roundup highlights preview agent workflow controls, a GA Defender-for-Cloud and GitHub integration, and a Purview investigation d
- Paramount's Trump Deals Face a Shareholder Records Demand - Freedom of the Press Foundation and Reporters Without Borders say Paramount should turn over records tied to reported Trump-friendly deals, editorial chang
- Prompt Injection, Real RCE: the agent-tool boundary is fragile - Microsoft details two fixed Semantic Kernel vulnerabilities showing how prompt injection can become host-level code execution when model-controlled tool pa
- Scanners-Box is a broad scanner collection, not a finished stack - A GitHub toolkit for security automation and scanner discovery, with broad coverage across analysis, pentesting, and vulnerability workflows.
- Supply Chain Attacks Expose the Real Test of Resiliency - Recent Trivy, axios, LiteLLM, and npm incidents show why cyber resiliency is an operating model: roles, rotation, pipeline trust, and exercises matter more
- Tails 7.7.2: emergency kernel fix that blocks easy privilege jumps - Tails 7.7.2 is an emergency release updating the Linux kernel to 6.12.85 to fix a critical privilege-escalation risk. The Tor Project warns a chained explo
- TanStack package breach shows the limits of trusted publishing - Socket says 84 TanStack npm artifacts were published in compromised form. The bigger lesson is structural: if attackers can run inside CI, OIDC and provena
- Tor Browser 16.0a6 alpha: updates in, but testing risk stays - Tor Browser 16.0a6 is out on the Alpha channel with Firefox security updates and dependency bumps. Tor Project reiterates: Alpha is for testing, not for at
- Upsonic and the hard part of building AI agents - A plain look at Upsonic, a Python agent framework that claims to build autonomous AI agents, and the checks readers should run before adopting it.