Complete static archive of GigaTap articles about VPN, privacy, OPSEC, and security.
- Critical HP Poly VoIP Bug Gives Attackers Root Access - CVE-2026-0826 enables unauthenticated root-level code execution on affected HP Poly VoIP phones when ICE is enabled.
- Do not let AI agents turn metrics into damage - Agentic misalignment is an access-control problem. Limit what AI agents can reach, change, and optimize before their shortcuts become operational risk.
- Dutch server seizure exposes the afterlife of bad hosting - The key issue is not only 800 seized servers. It is whether sanctioned Russian-linked infrastructure kept operating through related hosting companies.
- Ethereum Maps a Registry-First Route to Post-Quantum Security - Ethereum researchers are exploring a validator key registry that could enable a gradual transition to post-quantum cryptography without an immediate consen
- FBI Crime Data Highlights Persistent Privacy Risks - The FBI’s latest Internet Crime Report offers a practical view of how identity exposure, fraud, and privacy failures continue to drive online crime.
- Ghost CMS flaw turns real sites into ClickFix traps - Attackers are abusing CVE-2026-26980 to steal Ghost Admin API keys, inject JavaScript into legitimate articles, and push fake CAPTCHA malware lures.
- Kirki and Burst Statistics flaws need post-patch checks - Active exploitation against Kirki and Burst Statistics turns routine WordPress plugin updates into account-integrity and admin-access checks.
- Michigan Signals the Next Phase of AI Infrastructure Buildout - OpenAI has begun construction on a 1GW Michigan data center, highlighting how AI growth increasingly depends on large-scale physical infrastructure.
- New Web Features in May: Styling, Media, and Device Updates - Explore stable and beta web platform updates in May 2026, including container queries, lazy-loading media, Picture-in-Picture, and Web Serial API expansion
- npm worms are now a CI/CD trust problem - Unit 42’s updated report shows npm attacks shifting from typosquats to self-propagating campaigns that abuse tokens, package publishing, and CI/CD workflow
- Preinstall persistence shows where provenance breaks - Microsoft’s Red Hat npm Miasma report shows how trusted publishing can still deliver poisoned packages when the CI/CD path is compromised.
- Rapid7 Expands Nordic Reach Through Exclusive Networks - Rapid7 and Exclusive Networks have expanded their Nordic partnership. The announcement signals a push toward service-led security operations rather than a
- Recording ICE Is Protected. Retaliation Is the Risk - The ACLU says people have a First Amendment right to record ICE and other federal agents, but hundreds have reportedly faced retaliation for doing it.
- Risky Business #840: disclosure risk becomes operational - Risky Business #840 shows why Microsoft’s researcher walk-back matters beyond drama: disclosure posture, location data, backups, and open-source supply cha
- Tails 7.8 Fixes a Security Weak Point - Tails 7.8 addresses privilege-escalation vulnerabilities and changes how Thunderbird updates are delivered to reduce security lag.
- TeamPCP shows why trusted packages are not safe by default - A reported TeamPCP wave hit VS Code, PyPI, and npm paths in the same week. The common failure was trust: verified publishers, official packages, and auto-u
- UK tokenization plan: innovation, but inside the rails - The FCA and Bank of England are treating tokenization and stablecoins as market infrastructure questions, not a loose crypto experiment.
- Verizon VoLTE Signaling Risk: What VU#615987 Actually Shows - CERT/CC says Verizon VoLTE SIP signaling has lacked IPsec integrity protection. The useful question is not panic, but what evidence proves mitigation.
- VPN bans would hit more than age-gate evasion - Freedom of the Press Foundation warns that restricting VPNs would weaken tools journalists use to research sensitive targets, protect sources, and reduce n
- When settlements become political leverage - FPF argues that Paramount’s Trump settlement and weak attorney discipline helped normalize a dangerous use of courts and regulators as political pressure t
- 2026 MASA Assessment Confirms Android App Security Updates - Mullvad’s Android app passes MASA for the second time, fixing minor UI and data handling issues while improving transparency and compliance.
- ADK for Kotlin brings agents closer to Android data - Google’s ADK for Kotlin and Android 0.1.0 can reduce agent orchestration work, but teams still need to verify data flow, tool scope, logs, and cloud fallba
- Age Checks Turn Web Access Into Identity Exposure - EFF warns that age verification mandates create new privacy risk by forcing users to disclose sensitive identity data just to access the web.
- AI Opt-Outs Are Starting to Look Like Data-Broker Playbooks - A new study argues that major AI providers are adopting privacy opt-out patterns long criticized in the data-broker industry. The key issue is not whether