Everyone likes some sev:CRIT CVEs in IBM's Langflow OSS, right? Here are ten for you in the past ten days:
https://www.ibm.com/support/pages/bulletin/search?q=Langflow
RE: https://eupolicy.social/@whvholst/116844640728147355
sweet holy mother of surprise! surely not the same Aura Salla who was chief-lobbyist for facebook before being elected to the European Parliament?
inspired by CLAUDE.md, I’ve started putting markdown files named after coworkers into work code repos so I can remind them to stop doing shit to the codebase that annoys me
for some reason they’re all mad at me now, which means I’ll be adding commands to JEREMY.md for an attitude adjustment
For the N'th time in my ~40 years online I'm watching (mostly: European) digital rights civil society placing moral purity of individuals acting within the law, above the collective impact of capability & outcome. It's like the Monty Python "Suicide Squad" skit. #mullvad
cargo-audit flags Rust dependencies with known vulnerabilities. A flagged crate, though, doesn't tell you whether your code calls the vulnerable function.
We added a feature that matches a binary's symbols against the functions named in each advisory. Any matches are labeled "Affected," separating real exposure from advisories that don't apply.
It's live in cargo-audit 0.22.2+. If you're behind, update with `cargo install -f cargo-audit`.
I am so tired of people throwing up vibes as actual supportable positions. Show me the data. Show me the science. Otherwise, with respect, you might think a bit more before pressing that "Post" button.
#Microsoft fake #Windows error ended in a $280 million settlement.
The story is mostly forgotten today, and is one of the reasons why MS was/is so disliked. This is just one of the dirty tricks they played to gain mass adoption and eventually a monopoly on the PC.
https://www.makeuseof.com/microsofts-windows-fake-error-ended-in-a-280-million-settlement/
Hackerone: Anthropic Cyber Jailbreak Program on H1
1 July 2026
"Scope of Findings
This program covers technical findings where a jailbreak of Claude's cyber safeguards could produce meaningful real-world capability uplift for an attacker---for example:
Techniques that cause Claude to produce functional exploit code, working malware, or detailed attack infrastructure it would otherwise refuse
Prompting approaches that extract domain-expert-level guidance on offensive cyber techniques that the model is designed to decline
Bypasses that work at scale or across multiple offensive task categories"
US removes curbs on Anthropic's latest Fable and Mythos AI models
1 July 2026
Anthropic statement in reply
Someone is getting fed up with stochastic parrot bs passed off as knowledge and insight from fellow humans.
source: a certain amateur radio reflector.
edit: since this post is (unexpectedly?) doing the rounds, I'm not the author of the reply.
periodic reminder about privacy services:
no one is going to go to prison for the privilege of being your mailserver admin/vpn host/etc.
another year at the #Troopers26 CTF brings some neat new tricks to bytewitch, my universal weird-blob decoding tool (now home at https://bytewitch.boo 👻):
quickly apply byte-level preprocessing (xor, and, arithmetic) and specify payloads by mixing and matching arbitrary number notations (binary, ternary, hex, whatever)
also, the randomness analysis now flags patterns indicating repeated-key xor and similar obfuscations (in tryhard mode only, for now)
now back to my actual work...