Blog

Accidents Happen. Even at CISA.

Last weekend, a security researcher discovered that a CISA contractor had pushed a public GitHub repository containing AWS GovCloud administrative credentials, plaintext passwords for dozens of internal systems, and access to CISA's internal artifact registry. The contractor had also manually disabled GitHub's built-in secret scanning.

Brian Krebs has the full story: CISA Admin Leaked AWS GovCloud Keys on Github →

DNR: Deprecated, Never Removed

On May 12, 2026, a security researcher released a working exploit that defeats Windows BitLocker encryption using nothing more than a USB stick and a few minutes of physical access. The vulnerability — named YellowKey — doesn't exploit a new piece of Windows code. It exploits a piece of code that was supposed to be dead.

Transactional NTFS (TxF), the Windows file system feature at the heart of YellowKey, was deprecated by Microsoft more than a decade ago. Developers were told to stop using it. No new applications should depend on it. But it was never removed — and in 2026, an attacker can use it to read everything on an "encrypted" drive.

We have a name for this class of vulnerability: DNR.

OZTP v0.2.0 — Launch Release

When we posted our first update a few weeks ago, we had a scaffold and a plan. Today we have a platform.

OZTP v0.2.0 is the first full release — four products, a public site, live infrastructure, and the foundation for everything we're building next. Here's what shipped.

Introducing the Open Zero Trust Project

Zero Trust is not a new idea. The principles have been articulated in NIST SP 800-207, expanded in the CISA Zero Trust Maturity Model, and reinforced by nearly every major security breach of the past decade. The question has never been whether Zero Trust works — it's why so few organizations have actually achieved it.

The answer, in most cases, is resources. Not a lack of motivation or understanding, but a lack of accessible, practical tooling that doesn't require an enterprise budget or a dedicated security team to deploy.

That's the problem OZTP is built to address.