Posts
3686
Following
724
Followers
1595
"I'm interested in all kinds of astronomy."
repeated
repeated

Project Zero Bot

New Project Zero issue:

vpu driver open and close instance ioctls race causing UAF

https://project-zero.issues.chromium.org/issues/463672550

CVE-2026-0112
0
3
1
Who would win: the Balrog or Yoda?
20% Balrog
30% Yoda
50% the nerds
1
0
0
repeated
@mttaggart Plus the store-now-decrypt-later threat model is not really affected by the time of the first practical quantum attack (you just store more data). I think the original announcement is more about the good rate of pqc adoption rather than q-computing breakthroughs...
0
0
1
repeated

@james_inthe_box @campuscodi VPNs have that problem where they don't solve the problem that the people selling VPNs say they solve

1
2
0
@freddy Not that I know of unfortunately. Your post reminded me of this one and took me a while to even find the video I watched a couple yrs back... It's concise, works by listening only and the seek should already be at the end of the ad segment :)
0
0
1
@timb_machine I'm even more concerned that we forget about basic maintainability too...
0
0
1
repeated
Edited yesterday

Coding with LLMs and agents is a generational opportunity to throw the last decade's hard won lessons on secure coding and appsec out of the window. Definitely something that trust and safety teams, threat actors and possibly even your parents are seizing on with glee when they bypass all of your policies and procedures around installing new software, data governance, validated designs, code reviews, principles of least privilege and regular security assessments. Best of luck.

1
2
0
repeated

Alisa Esage Шевченко

I popped a Pwn2Own $40k target with a directory traversal in hypervisor

Plenty of buffer overflows there, too
https://bird.makeup/users/abantdogal/statuses/2036132328599089230

0
1
0
Your periodic reminder that security tools are attack surface too.

#trivy
0
4
9
To celebrate the trivy/litellm/??? supply chain compromise, here's some good old #ska #music:

https://www.youtube.com/watch?v=42QloZAhM44
0
1
0
repeated

i love that we went from "zero trust" as a fundamental buzzword to "trust autonomous nondeterministic agents everywhere in your stack"

11
30
0
@a2_4am "You are absolutely right..."
0
0
18
repeated

RE: https://mastodon.social/@MozillaAI/116279201448628866

All we wanted was a browser. All you had to do was build a browser. You had one job.

2
15
0
repeated

"Simple. I got very bored and depressed, so I went and plugged myself in to its external computer feed. I talked to the computer at great length and explained my view of the Universe to it," said Marvin.
"And what happened?" pressed Ford.
"It committed suicide," said Marvin and stalked off back to the Heart of Gold.

0
1
0
repeated

Compromised! LiteLLM - a popular Python Library used by a lot of AI tooling got compromised on PyPI, and the malicious versions are stealing everything they can find on your machine:

👇
https://www.xda-developers.com/popular-python-library-backdoor-machine/

1
3
0
Show older