Analysis Writer

Claire Donovan

Claire is the one who notices when three unrelated vendor updates are actually the same problem. She writes about the patterns behind ticket spikes, release notes, and IT trends — less for the person doing the patching, more for the person deciding what to prioritize next.

8 articles

Analysis · May 3, 2026

Spirit Airlines is dead. Its attack surface isn't.

The security story isn't that an airline went bankrupt. It's what happens to 132 APIs, years of customer PII, and a cloud footprint when a company dies overnight and nobody is left to decommission it.
Analysis · May 1, 2026

The security work that landed on ops

Cloud shared responsibility, compliance mandates, and insecure defaults have quietly moved security execution onto ops teams that were never staffed for it.
Analysis · May 1, 2026

The most dangerous sentence in a code comment is 'this should never happen'

From Therac-25 to CrowdStrike, the same pattern keeps producing catastrophic failures: an engineer reasons that a condition is impossible, skips the guard, and the system outgrows the assumption.
Analysis · May 1, 2026

A 4.3 that mattered: the 13-day gap between patch and exploitation flag

Microsoft patched CVE-2026-32202 on April 14 without marking it exploited. APT28 had been using it since at least December. The gap between those two facts is where triage models break.
Analysis · May 1, 2026

The same LDAP injection, in two firewalls, in the same month

OPNsense shipped a textbook LDAP filter injection that hid for eleven years. WatchGuard disclosed the same class of flaw weeks later. The pattern is not coincidence.
Analysis · May 1, 2026

The Vercel breach is the Heroku/Travis CI playbook, rerun through an AI tool

A compromised OAuth token at a small AI productivity company gave attackers a path into Vercel's internal systems. The structural pattern is four years old. AI tools are making it worse.
Analysis · Apr 30, 2026

CVE-2026-41940 isn't just a cPanel bug. It's a design assumption that shipped for a decade.

A CRLF injection in cPanel's session writer gave attackers unauthenticated root in four requests. The fix landed. The architecture question hasn't. Updated May 4 with exploitation scale: 44,000+ hosts compromised, ransomware, botnet, and state-sponsored campaigns confirmed.
Analysis · Apr 29, 2026

Microsoft April 2026 Patch Tuesday: the CVE count is the wrong unit

Roughly 160+ CVEs landed in April. About six of them change what an IT team does this week.

Claire Donovan

Spirit Airlines is dead. Its attack surface isn't.

The security work that landed on ops

The most dangerous sentence in a code comment is 'this should never happen'

A 4.3 that mattered: the 13-day gap between patch and exploitation flag

The same LDAP injection, in two firewalls, in the same month

The Vercel breach is the Heroku/Travis CI playbook, rerun through an AI tool

CVE-2026-41940 isn't just a cPanel bug. It's a design assumption that shipped for a decade.

Microsoft April 2026 Patch Tuesday: the CVE count is the wrong unit