News shouldn’t disappear. 🕳️

Some publishers are blocking the Wayback Machine, putting the public record at risk. Journalists are speaking out.

Add your name. Stand for preserving the news.

✍️ https://www.savethearchive.com/NewsLeaders

Detailed report from DigiCert (thanks!) about "a limited number of code signing certificates, few of which were then used to sign malware".

At the beginning a ZIP file with a .scr executable, and some time later 60 revoked Code Signing certificates. https://bugzilla.mozilla.org/show_bug.cgi?id=2033170

Hungary's pro-Kremlin media gets hacked by WorldLeaks

The leaked data exposes coordination with the Kremlin in anti-Ukraine coverage: https://telex.hu/zacc/2026/04/30/mediaworks-hekkertamadas-memo-zelenszkij-lejaratas-telefonos-segitseg-moszkvabol

Mediaworks threatens lawsuits over coverage of the hacked data: https://hirtv.origo.hu/ahirtvhirei/2026/05/a-mediaworks-kozlemenye

It sues one of the sites that covered the Kremlin ties: https://media1.hu/2026/05/01/mediaworks-buntetofeljelentes-media1-telex-lapszemle-toth-tamas-antal/

h/t @rqm --> https://mastodon.social/@rqm@exquisite.social/116498047329184815

Can web developers stop fucking with scroll bars please? No website is so beautiful that it justifies losing the ability to see how far the page scrolls down. I don't give two shits about your design vision.

CARTOON/BOFFO1.GIF

Interesting Git repos of the week:

Detection:

* https://github.com/gadievron/honeyslop - a side bar to RAPTOR, a vulndev slop detector from @gadi 🤖
* https://github.com/Nehboro/nehboro - a Chrome extension to help protect you from phishing scams
* https://github.com/trustedsec/SysmonCommunityGuide - TrustedSec dropped guides for Sysmon
* https://github.com/JPCERTCC/LogonTracer - watch out for unexpected logins with JPCERT
* https://github.com/persistent-security/month-of-bypasses - a month of detection engineering tips and tricks
* https://github.com/sjzasada/agentflash - my old uni house mate has written a tool to keep an eye on Claude

Bugs:

* https://github.com/theori-io/copy-fail-CVE-2026-31431 - copy.fail \o/

Exploitation:

* https://github.com/CyberStrikeus/CyberStrike - sloppy pen testing 🤖
* https://github.com/SnailSploit/Claude-Red - another agentic pen tester 🤖
* https://github.com/PurpleAILAB/Decepticon - rise of the bots 🤖
* https://github.com/hackerschoice/team-teso - courtesy of @thc, an archive of TESO
* https://github.com/BishopFox/cirro - @BishopFox created Cirro to map clouds 🤖
* https://github.com/thomasdullien/vulpine - @HalvarFlake dabbles in AI bug hunting and vulndev
* https://github.com/boostsecurityio/smokedmeat - smoked meat attacks CICD pipelines for hot red team action
* https://github.com/mandiant/gopacket - Mandiant ported Impacket to Go
* https://github.com/trailofbits/trailmark - @trailofbits's Trailmark graphs code 🤖
* https://github.com/sailay1996/vss-fr2system - arbitrary reads to SYSTEM \o/
* https://github.com/asset-group/Sni5Gect-5GNR-sniffing-and-exploitation - attacking 5G for sniffs and giggles
* https://github.com/ANSSI-FR/bmc-tools - ANSSI parses your RDP screenshots
* https://github.com/BSI-Bund/RdpCacheStitcher - BSI stitches them together
* https://github.com/califio/publications - @thaidn and friends do interesting things 🤖
* https://github.com/jedireza/reserved-subdomains - what subdomains are reserved?

Hardening:

* https://github.com/sektioneins/ovpncc - One of SektionEins's various config checking tools, this onefor OpenVPN
* https://github.com/HarmonicSecurity/claudit-sec - audit your Claude Desktop posture

Cryptography:

* https://github.com/nitram2342/bruteforce-crc - crunching through CRC32

Data:

* https://github.com/op7ic/SwarmMaker - my good friend opt7ic drops a new tool to build LLM skills

Nerd:

* https://github.com/moshix/BRICKS_TS - mainframe code

#security, #research, #code

Infosec community right now…

#Synchrotron control room, Yerevan

Physics Institute, Alikhanyan National Science Laboratory, Yerevan, Armenia
In 1956, the Soviet physicist Artem Alikhanian began the development of the Armenian accelerator, known as #Arus. His aim was to construct the most powerful electron synchrotron in the world, capable of accelerating particles to nearly the speed of light around a closed loop.

#photography
#Russia
#science
#physics
#Armenia

313 Team, the Iraqi-aligned group claiming credit for the Ubuntu attack, are now encouraging the use of #CopyFail against Ubuntu targets while servers may not be able to reach updates.

https://discourse.ifin.network/t/ubuntu-services-under-attack/356

Ask Jeeves, one of the first search engines, has shut down on Friday

https://www.ask.com/

Security firm Trellix has disclosed a security breach after hackers gained access to its source code

This highlighted section here is important since Trellix is one of Europol's closest industry partners

If this is TeamPCP, as I suspect, they might have screwed up

https://www.trellix.com/statement/

“GCC now supports Algol 68” https://algol68genie.nl/en/blog/gcc-algol-68-genie/

#BlackMetal album of the day by a friend of mine: Malevolic, Complete Integrity Corruption.

https://malevolic.bandcamp.com/album/complete-integrity-corruption
#Metal

My first ever open source release: lib0xc, the C standard library you wish you had.

https://aka.ms/lib0xc