Complete static archive of GigaTap articles about VPN, privacy, OPSEC, and security.
- Chrome Beta 149: A Browser Security Checkpoint - Chrome Beta 149 for Android is out. No CVE claim is made in the source, but teams should review linked changes before stable rollout.
- Claude Opus 4.8 on GitLab: What to Check First - Claude Opus 4.8 is now available in GitLab Duo Agent Platform. The useful question is not hype; it is how teams verify long-running agent work without loos
- EPIC Coalition Targets ALPR Creep With a Tolling-Only Line - EPIC and more than 40 groups are urging Congress to limit automatic license plate readers to tolling. The practical issue is purpose control, not just data
- EPIC’s Roblox FTC Call Targets Design Risk - EPIC and child safety groups asked the FTC to investigate Roblox. The operational issue is design risk: engagement loops, currency flows, and child chat ex
- F-Droid’s Week 20 Update Shows Where Mobile Security Breaks - F-Droid’s latest news highlights a lost signing key, a new app ID, and faster CoMaps map updates. The practical lesson is to check update paths, permission
- GCHQ’s Russia warning is an operations problem - GCHQ’s warning is not a new CVE. It is a security advisory for teams that depend on UK infrastructure, suppliers, and response paths.
- Glean’s $300M signal: AI search is now a budget tool - Glean’s reported top line shows enterprise AI search moving from productivity pitch to budget-control claim. That raises harder checks for security, privac
- How Pope Leo XIV frames AI as non-neutral infrastructure - MIT Technology Review highlights one line from Magnifica Humanitas that technologists should not dodge: technology is never neutral.
- MariaDB Server 12.3 LTS: Check Before You Move - MariaDB Server 12.3 LTS is available, with 12.3.2 as the first GA. Treat it as an operations trigger: review notes, test paths, and avoid upgrade assumptio
- OpenViking makes agent memory an ops problem - OpenViking is an open-source context database for AI agents. The useful question is not hype; it is what teams must check before trusting agent memory, res
- Physical integrity is the hard part of permissionless TEEs - TEE attestation does not settle the trust question for decentralized networks. Physical integrity, verifier opacity, and operator control define the real r
- Pwn2Own Berlin shows AI tooling is now security-critical - Day One results from Pwn2Own Berlin 2026 highlight exploit work against AI tooling, local inference stacks, NVIDIA products, browsers, and OS privilege bou
- Redis May recap: what’s new, and what to verify - Redis published its May 2026 update recap. Treat it as a release-triage signal: check what changed, what affects your stack, and what not to overclaim.
- Slack Wants Your Agentic Stack in Chat - Slack’s agent push makes chat a likely control layer for workplace automation. The practical question is permissions, context, and audit.
- Snyk’s CLI agent targets the real SCA bottleneck: fixing - Snyk’s experimental CLI Remediation Agent points at the hard part of software supply chain security: turning findings into safe, reviewable fixes.
- The Marimo CVE Is Only Half the Story - A Marimo RCE gave initial access. Sysdig says the harder part was agent-driven post-exploitation: cloud keys, SSH pivoting, and a PostgreSQL dump.
- ThreatsDay Is a Triage Signal, Not a Panic List - The latest ThreatsDay bulletin is useful as an advisory queue: check exposure, exploitability, patching paths, identity controls, and user-facing risk befo
- Training Azerbaijani Models Is Now an Operational Problem - AWS shows how Azercell approached Azerbaijani LLM training on SageMaker AI. The real lesson is tokenizer evidence, artifact control, and security operation
- What behind EU digitalisation: rights or control? - EDRi argues the EU’s digitalisation push is not just a service upgrade. The operational risk sits in identity, welfare access, health data reuse, and syste
- When Privacy Risk Becomes a Chilling Effect - Schneier’s item points to a sharper privacy issue: people may stop acting publicly when identity exposure feels durable, searchable, and costly.
- Zero-Day PoCs on GitHub Change the Defender Clock - Microsoft called the releases “never justifiable,” but the practical issue is simpler: working public PoC code changes exploitability checks and patch prio
- A new lithium extraction claim needs proof at scale - Researchers report a new lithium extraction process that could be cheaper and cleaner. The useful question now is whether it survives scale-up.
- Agent build tests need fixed baselines - AWS’s AgentCore dataset workflow shows why agent evaluation needs versioned test suites, ground truth, and regression checks built from production failures
- AI Bugs Make Open Source Consumption the Hard Part - Chainguard’s warning is not just about faster bug discovery. It is about the software supply chain controls needed when maintainers, registries, and patch