Security
CVE-2026-1357 is a 9.8-rated unauthenticated remote code execution vulnerability in the WPvivid Backup & Migration plugin, installed on roughly 800,000 WordPress sites. An attacker can write a PHP webshell to a publicly accessible directory — no account, no credentials, one HTTP request. From there it'
Security
Trezor and Ledger users have been receiving physical letters with QR codes designed to steal seed phrases. The addresses came from breach data that's been circulating since 2020 — and refreshed by a second leak in January 2026.
Passkey adoption has hit real numbers — 800 million Google accounts, Amazon's 175 million users, Microsoft making them the default. Here's what going passwordless actually looks like in practice, and where the friction still is.
Security
Six things to run on any fresh Ubuntu or Debian VPS before you do anything else — in the correct order, with the reasoning behind each step.
Security
CrowdSec is a free, open-source intrusion prevention system that shares threat intelligence across every instance running globally. This guide covers installation, bouncers, configuration, and everything in between.
Security
Google told developers their API keys weren't secrets — and they were right, until Gemini launched on the same key infrastructure. Truffle Security found 2,863 exposed keys in the wild, including on Google's own websites.
Takes
You already know your phone tracks you. That's table stakes at this point. But what about your car? Your smart TV? The robot vacuum quietly circling your living room? These are not hypothetical threats. Real companies have sold real data on real people — sometimes without their knowledge, sometimes
Privacy
Ring ran a Super Bowl ad this year about finding lost dogs. The technology they were advertising scans your neighborhood's cameras in real time using AI, it's on by default, and Ring is already planning to expand it beyond pets. They said the feature was "
Search your name in quotes. Add the city you grew up in. Add the city you live in now. Hit enter. If you haven't done this in a while, you might be surprised what comes back — a current address, a list of relatives, an old phone number, maybe
Security
GNU InetUtils telnetd through version 2.7 contains an authentication bypass that gives an unauthenticated remote attacker a root shell in a single command. NIST scored it 9.8 Critical. CISA added it to the Known Exploited Vulnerabilities catalog on January 26, 2026. Active exploitation was confirmed before the advisory
Privacy
In 2019, Google published a blog post calling browser fingerprinting "wrong." Their exact words: it "subverts user choice." They positioned themselves as advocates for a more private web — the company fixing tracking, not enabling it. In February 2025, Google announced that advertisers on its network can
Privacy
Something about the Apple settlement that doesn't get discussed enough: the conversations Siri captured weren't edge cases. They were the kind that happen when you forget the device is there — which, with always-on assistants, is most of the time, which is exactly the problem. The