@giocomai @LukaszOlejnik Also, the linked graphic speaks conditionally, and its source is unclear...

I wonder if there are tried and tested guides about _documenting_ deceptive technologies deployed in a system?

Trivially this would be something like "srv01:443 is a canary, don't decommission", but of course if the attacker sees this first, that's a problem.

/cc @haroonmeer

When we throw up our hands and say none of it matters, we're doing the fascists’ work for them. They don't need to hide their corruption if they can convince us it's pointless to look. They don't need to silence truth-tellers if we've already decided truth is meaningless.

https://www.citationneeded.news/it-matters-i-care/

@bradlarsen My rule of thumb is that LLM's are useful if results are cheap to verify. When it comes to development this mainly means one-off utils/prototypes/PoC's.

[RSS] X41 Audited Ruby on Rails

https://x41-dsec.de/security/research/job/news/2025/06/11/ruby-on-rails/

[RSS] Checking for Symantec Account Connectivity Credentials (ACCs) with PrivescCheck

https://itm4n.github.io/checking-symantec-account-credentials-privesccheck/

[RSS] Streaming Zero-Fi Shells to Your Smart Speaker

https://blog.ret2.io/2025/06/11/pwn2own-soho-2024-sonos-exploit/

[RSS] Why Was Nvidia Hosting Blogs About 'Brazilian Facesitting Fart Games'?

https://www.404media.co/spam-blogs-ai-slop-domains-wowlazy/

Instant reshare!

“Localhost tracking” explained. It could cost Meta 32 billion. https://www.zeropartydata.es/p/localhost-tracking-explained-it-could

@joxean yes.

"Donald Trump’s director of national intelligence fed the JFK files into an AI program, asking it to see if there was anything that should remain classified, she told a crowd at an Amazon Web Services conference Tuesday"

Is there any way we can convince The Onion to not keep publishing their stuff under different domain names? 🤪

https://www.thedailybeast.com/tulsi-gabbard-admits-to-asking-ai-what-to-classify-in-jfk-files/

Bypassing GitHub Actions policies in the dumbest way possible

https://blog.yossarian.net/2025/06/11/github-actions-policies-dumb-bypass

#security

@cR0w Don't thinks so: other insignificant parts of the page also render weird without JS. My bet is on some CMS fuckery trying to be smart about content formatting.

New vulnerability report from Talos:

Adobe Acrobat Reader Font CFF2 PrivateDict vsindex Out-Of-Bounds Read Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2159

CVE-2025-43578

New vulnerability report from Talos:

Adobe Acrobat Reader Annotation Destroy Use-After-Free Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2170

CVE-2025-43576

@cR0w FML it's actually some JavaScript frontend monstrosity...

@cR0w It just white-on-white, I didn't even notice in my RSS reader

[RSS] CVE-2025-33073: A Look in the Mirror - The Reflective Kerberos Relay Attack

https://blog.redteam-pentesting.de/2025/reflective-kerberos-relay-attack/