CFP for #OffensiveCon26 Tokyo edition is STILL open.
We're looking for real, original work: cutting-edge security research, novel exploit techniques and deep technical investigations that actually move the field forward.
And yes, AI it's also in the game.
Shared by my Daughter
"I need privacy, not because my actions are questionable, but because your judgement and intentions are"
In response to "if you have nothing to hide you have nothing to fear"
“you couldn’t tell it was slop if I lied” said the same fried brain that thinks “Key Takeaways 🚀” is a feature of a readme any fucking human wrote
IDA 9.4 Beta 1 has been published (with some features of my own on it):
we're hiring one iOS human on my team https://nowsecure.applytojob.com/apply/BXcVGTgFyb/Research-Engineer?source=Our%20Career%20Page%20Widget
Won 80k via kCTF, unpriv userns-reachable vuln: https://lore.kernel.org/linux-cve-announce/2026050859-CVE-2026-43456-ae60@gregkh/ We fixed in March, upstream 6.6 still unfixed 4 months later.
I heard a very encouraging insight from @j00ru many years ago: either everyone has looked at it because there are always bugs, so there will be more, or no one has looked at it, so there will be bugs. In both cases, there are bugs. I welcome the machines to the playing field.
Cortex is a long-term, multi-tenant scalable open source storage for Prometheus and OpenTelemetry.
Earlier this year we conducted a security audit sponsored by @ostifofficial
Check our report here:
https://blog.quarkslab.com/cortex-security-audit.html
So, if I understand correctly, a bunch of elected politicians said ‘okay, we identified that the things Facebook and friends are doing is actively harmful to their users. So what we’re going to do to mitigate this is ensure that, legally speaking, the only people who can experience these negative effects are people of voting age.’
wow, discord acknowledged on the Bad Place that it was true that an overfitted CSAM detection AI started flagging grids (spreadsheets, game inventory screenshots, etc) as illegal and instabanning people.
8200 people got banned this way over several weeks before someone managed to get their attention on reddit. But the good news is they have in fact manually rolled back all the bans.
On the one hand, this is the one problem where you absolutely want as little hands-on human moderation as possible. On the other, this is a very clear-cut overfitting failure mode on a small dataset (of the images that governments provide to major websites for automated detection) with disastrous consequences for random innocent people. And they presumably had to go back and manually check all bans in this category for the last few weeks, thus maximizing the moderators' exposure too. 🤦♀️