"I'm interested in all kinds of astronomy."

Talos Vulnerability Reports

New vulnerability report from Talos:

GeoVision GeoWebPlayer Websocket Server lack of authentication vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2026-2370

CVE-2026-13125
[RSS] MAD Bugs: My Cousin Vinyl (CVE-2026-50052)

https://blog.calif.io/p/mad-bugs-my-cousin-vinyl-cve-2026

Everyone likes some sev:CRIT CVEs in IBM's Langflow OSS, right? Here are ten for you in the past ten days:

https://www.ibm.com/support/pages/bulletin/search?q=Langflow


RE: https://eupolicy.social/@whvholst/116844640728147355

sweet holy mother of surprise! surely not the same Aura Salla who was chief-lobbyist for facebook before being elected to the European Parliament?


inspired by CLAUDE.md, I’ve started putting markdown files named after coworkers into work code repos so I can remind them to stop doing shit to the codebase that annoys me

for some reason they’re all mad at me now, which means I’ll be adding commands to JEREMY.md for an attitude adjustment


For the N'th time in my ~40 years online I'm watching (mostly: European) digital rights civil society placing moral purity of individuals acting within the law, above the collective impact of capability & outcome. It's like the Monty Python "Suicide Squad" skit.

"Anthropic has agreed to proactively detect and address security risks associated with the models [...and...] alert the government of any malicious activity"

So basically Anthropic will snitch on you?

https://www.bbc.com/news/articles/cdr42623e1do

cargo-audit flags Rust dependencies with known vulnerabilities. A flagged crate, though, doesn't tell you whether your code calls the vulnerable function.

We added a feature that matches a binary's symbols against the functions named in each advisory. Any matches are labeled "Affected," separating real exposure from advisories that don't apply.

It's live in cargo-audit 0.22.2+. If you're behind, update with `cargo install -f cargo-audit`.

https://crates.io/crates/cargo-audit


I am so tired of people throwing up vibes as actual supportable positions. Show me the data. Show me the science. Otherwise, with respect, you might think a bit more before pressing that "Post" button.


fake error ended in a $280 million settlement.

The story is mostly forgotten today, and one of the reasons why MS was/is so disliked. This is just one of the dirty tricks they played to gain mass adoption and eventually a monopoly on the PC.

https://www.makeuseof.com/microsofts-windows-fake-error-ended-in-a-280-million-settlement/


Hackerone: Anthropic Cyber Jailbreak Program on H1
1 July 2026

"Scope of Findings

This program covers technical findings where a jailbreak of Claude's cyber safeguards could produce meaningful real-world capability uplift for an attacker---for example:

Techniques that cause Claude to produce functional exploit code, working malware, or detailed attack infrastructure it would otherwise refuse

Prompting approaches that extract domain-expert-level guidance on offensive cyber techniques that the model is designed to decline

Bypasses that work at scale or across multiple offensive task categories"

https://hackerone.com/anthropic-cyber-jailbreak/?type=team


US removes curbs on Anthropic's latest Fable and Mythos AI models
1 July 2026

https://www.reuters.com/business/us-lift-export-controls-anthropics-fable-ai-model-tuesday-source-says-2026-06-30/

Anthropic statement in reply


Someone is getting fed up with stochastic parrot bs passed off as knowledge and insight from fellow humans.

source: a certain amateur radio reflector.

edit: since this post is (unexpectedly?) doing the rounds, I'm not the author of the reply.

[RSS] Reverse-engineering VMware's encrypted + compressed VM memory checkpoint format (vTPM "partial" encryption)

https://github.com/heeeyaaaa/vmem-decrypt
[RSS] Auditing OpenReception: 16 CVEs in an end-to-end encrypted appointment booking platform (unauthenticated admin creation, account takeover, E2E bypass)

https://moltenbit.net/posts/auditing-openreception/

periodic reminder about privacy services:

no one is going to go to prison for the privilege of being your mailserver admin/vpn host/etc.

@ekuber IMO they just haven't debugged enough wicked runtime errors yet

another year at the CTF brings some neat new tricks to bytewitch, my universal weird-blob decoding tool (now home at https://bytewitch.boo 👻):

quickly apply byte-level preprocessing (xor, and, arithmetic) and specify payloads by mixing and matching arbitrary number notations (binary, ternary, hex, whatever)

also, the randomness analysis now flags patterns indicating repeated-key xor and similar obfuscations (in tryhard mode only, for now)

now back to my actual work...
