- Threat Intel for $0: Building a Passive Dashboard That Actually Blocks
  I got tired of tabbing between CISA KEV, abuse.ch, and a dozen bookmarks. So I built a single passive console that surfaces actively exploited CVEs, live malware URLs, and botnet C2 IPs — for free, no API keys, and with a blocklist endpoint you can actually feed into nginx or ufw.
- CVE-2026-31431 “Copy Fail” — Linux Kernel Local Privilege Escalation
  A nine-year-old logic bug lets any local user become root — no race conditions, no disk trace, and a public exploit already in the wild. Here’s what it is and how to fix it on Ubuntu right now.
- DKIM Pass. DMARC Pass. Verified Checkmark. Still Phishing.
  DKIM pass. DMARC pass. Verified checkmark. Still a social engineering attack. Here’s why every technical trust signal was meaningless — and what actually catches this.
- IR Without a SIEM: Responding to a Supply Chain Event in Under an Hour
  A widely used AI library was compromised at the registry level. No EDR, no SIEM, no IR retainer. Here’s the triage methodology, the exact commands, and why I rotated anyway.