↳ Tech. For. Humans. · Est. 2026

TECH.
FOR.
HUMANS.

One GitHub Issue Should Not Be Able to Steer Your Coding Agent

A Claude Code GitHub Action flaw showed how AI issue triage, broad repo permissions, and prompt injection can become a supply-chain problem.

READ FEATURED →

I write about security, privacy, and AI — the stuff that matters but rarely gets explained well. Practical, opinionated, honest.

No fear-mongering. No affiliate tax. Just the plain-English version.

▸ CATEGORIES

Cybersecurity

Practical security for small businesses and individuals

Privacy & Rights

Digital rights, surveillance, and protecting your data

AI Tools

Making AI accessible for non-technical people

§ 01

LATEST

67 articles and counting. Newest first.

№ 012026

Privacy5 min read

Your AI Assistant Should Not Believe Your Notifications

A patched Google Gemini bug showed how a hostile WhatsApp or Slack notification could steer an Android assistant. The fix matters, but the design lesson matters more.

Jun 4, 2026READ →

№ 022026

Security5 min read

The Patch Window Is Gone

Android, WebLogic, WinRAR, and AI-assisted exploit tooling all point at the same boring truth: patching slowly is becoming a security decision, not an operations delay.

Jun 3, 2026READ →

№ 032026

Security6 min read

The npm Worm Is Now in the AI Toolchain

Miasma, codexui-android, and the Meta support-bot incident all point at the same uncomfortable pattern: developer and AI workflows are becoming account-recovery, credential, and deployment surfaces.

Jun 2, 2026READ →

№ 042026

AI Tools6 min read

Your AI Agent's Memory Is Now an Attack Surface

OWASP Agent Memory Guard is a useful signal: the dangerous part of agent memory is not only what the model remembers. It is who gets to write into that memory, when, and how long the poison survives.

Jun 1, 2026READ →

№ 052026

Privacy7 min read

A Website Should Not Be Able to Watch Your SSD

FROST is a browser side channel that uses OPFS storage timing and SSD contention to infer what else is happening on your machine. It is not a catastrophe. It is a warning about how much power we keep handing to ordinary web pages.

May 31, 2026READ →

№ 062026

Security10 min read

ChatGPT Is Becoming a Browser Surface, and Attackers Noticed

Two incidents this week point to the same shift: AI assistants are no longer just tools you ask questions. They are trusted rendering surfaces, link brokers, and post-exploitation operators. That changes the security model.

May 30, 2026READ →

VIEW ALL 67 ARTICLES →

LIVE THREAT FEED · /THREATWATCH

ALL →

▸ STAY IN THE LOOP

TECH.FOR.HUMANS.