All topics

security

42 pieces of writing

MCP gave AI tools a standard interface. Researchers found it was also an attack surface.
security12 min read

MCP gave AI tools a standard interface. Researchers found it was also an attack surface.

MCP promised to be the USB-C port for AI. Researchers found it was more like an unlocked door with a welcome mat for attackers.

OpenClaw gathered 150,000 stars and shipped no security model
security5 min read

OpenClaw gathered 150,000 stars and shipped no security model

security9 min read

Kazu stole 400,000 medical records from New Zealand's largest patient portal with valid credentials

security9 min read

Sandworm hit thirty Polish energy sites in a single night

Russia's Sandworm hit Poland's power grid on the coldest night of the year, deploying a new wiper across thirty facilities including renewable plants and a major heat-and-power station. The attack failed to cause blackouts - but it damaged equipment beyond repair and proved that distributed energy is now a target.

security10 min read

ASIO named Salt Typhoon and Volt Typhoon out loud. Beijing called it a false narrative.

UNC5221 stole F5 source code and its customer list
security8 min read

UNC5221 stole F5 source code and its customer list

security7 min read

Basic ransomware hit one airport software vendor and grounded five European airports overnight

A piece of ransomware described as 'incredibly basic' hit a single software platform and grounded five European airports overnight. The problem wasn't the malware - it was the architecture.

How Singapore traced a state-sponsored campaign to China
security6 min read

How Singapore traced a state-sponsored campaign to China

security7 min read

Predatory Sparrow hit Iran's banking system and called it a warning

The Coinbase insider who sold four hundred thousand customer records
security8 min read

The Coinbase insider who sold four hundred thousand customer records

Coinbase disclosed that criminals bribed overseas support agents to steal customer data for 69,461 users. The ransom demand was $20 million. The estimated cleanup cost is $400 million. The vulnerability was human.

When a GitHub Action rewrites its own history
security6 min read

When a GitHub Action rewrites its own history

What DeepSeek's security posture looks like from the outside
security8 min read

What DeepSeek's security posture looks like from the outside