#vulnerability

4 posts

Dark red gradient cover with glowing red accent and the post title in white

May 15, 20268 min read

The Exploit Had a Docstring

Google's GTIG confirmed the first AI-generated zero-day: a 2FA logic flaw found by a criminal using an LLM, caught before mass exploitation. The code tells you what made it.

#security #ai #vulnerability #essay

Dark cover with violet purple glow and white title text

May 8, 20269 min read

A Single git push Was All It Took: CVE-2026-3854

Any authenticated user with push access to any repo on your GitHub Enterprise Server could RCE the server with one crafted push option. Here's exactly how.

#security #git #vulnerability #github

Dark cover with orange glow and Copy Fail post title

May 5, 20269 min read

Copy Fail: Nine Years in the Kernel, Zero Traces on Disk

CVE-2026-31431 lets any local user gain root with 732 bytes of Python. The on-disk file never changes. That's not a detail. That's the whole lesson.

#security #vulnerability #linux #essay

Dark cover with a glowing red accent and the post title

May 2, 20268 min read

GitHub Got Owned by a Semicolon

CVE-2026-3854 let any authenticated user pop GitHub's backend with a single git push. The bug class is older than I am. So why does it keep working?

#security #vulnerability #github #essay