Tag:cybersecurity
Pi-hole's pihole user is low-privileged. It's configured with nologin. It looks contained. It isn't. Here's how a writable file and a trusting root process combine into a clean privilege escalation path.
CVE-2026-33727 – When “Low Privilege” Isn’t Low Enough: A Pi-hole LPE Story
Pi-hole's pihole user is low-privileged. It's configured with nologin. It looks contained. It isn't. Here's how a writable file and…
Proof of Human solves the bot problem. It doesn’t solve the people problem.
World ID can prove a real human is behind an account. It can't prove that human hasn't already been phished,…
Too many rules, no real test: Untangling US Cyber Disclosure
The US has no single federal data breach notification law, just a growing patchwork of SEC rules, HIPAA, state obligations,…
Handala & MuddyWater: MDM Weaponization at Enterprise Scale
On 11 March 2026, an Iranian two-team operation destroyed 200,000 enterprise devices at Stryker without deploying a single piece of…
Why Robbing Banks Is Easy (And Why That Should Terrify You)
A globally recognized ethical hacker shares real social engineering stories from legally robbing banks across five continents. The tools change.…
Dynamic Attack Surfaces: The Professional Sports Problem
Professional sports organizations face cybersecurity challenges that don't fit traditional frameworks. With seasonal spikes, constant third-party integrations, and workforce volatility,…
Claude Jailbroken To Attack Mexican Government Agencies
A threat actor jailbroke Claude to orchestrate a month-long attack on Mexican government networks, stealing 150 GB of sensitive data.…
Jayson E Street Joins CovertSwarm
The man who accidentally robbed the wrong bank in Beirut is now part of the Swarm. Jayson E Street joins…
When Your IDE Becomes An Insider: Testing Agentic Dev Tools Against Indirect Prompt Injection
Agentic development tools don't need to bypass your firewall. They're already inside. And if an attacker can control what they…