"I'm interested in all kinds of astronomy."
[RSS] One-Click Memory Corruption in Alibaba's UC Browser: Exploiting patch-gap V8 vulnerabilities to steal your data

https://www.interruptlabs.co.uk/articles/one-click-memory-corruption-in-alibabas-uc-browser-exploiting-patch-gap-v8-vulnerabilities-to-steal-your-data

‼️ Meet Ryan Clifford Goldberg, a Digital Forensics and Incident Response manager at Sygnia. He is one of three insiders accused of cybercrimes. He allegedly conducted cyberattacks using ALPHV BlackCat ransomware.

Goldberg and two other insiders ran ransomware operations since 2023 while employed at cybersecurity firms. After an FBI visit, Goldberg confessed. He now faces up to 50 years in prison.

@joern Right, that's why I xposted quickly from the other site while on the bus :) boosted your post now!
RCE in "json" mode of JsonPlusSerializer · Advisory · langchain-ai/langgraph · GitHub
https://github.com/langchain-ai/langgraph/security/advisories/GHSA-wwqv-p2pp-99h5
Kaitai Struct: A Tool For Dealing With Binary Formats - Petr Pucil & Mikhail Yakshin

https://www.youtube.com/watch?v=SC2zIli8MNA

#hacklu2025

"An eBPF Loophole: Using XDP for Egress Traffic" https://loopholelabs.io/blog/xdp-for-egress-traffic


Someone asked me to hand-translate a publicly posted Chinese technical report about NSA shenanigans on the Chinese Center for Time-Keeping network. It took me a while, because it turns out translating technical corporatese from your third language is very hard when chronically sleep deprived, but it is done.

https://docs.google.com/document/d/1gk1fDLKrN3m5jOSk7QbpGL1SBcLvrm0FTN3H-5ZJZcY/edit?usp=sharing

[RSS] Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed

https://research.checkpoint.com/2025/microsoft-teams-impersonation-and-spoofing-vulnerabilities-exposed/
Python packages are age-shaming my OS :(

This is possibly my favourite bug in Firefox right now. Unfortunately it looks like it is about to be fixed.

https://bugzilla.mozilla.org/show_bug.cgi?id=1802115


🚨 New advisory was just published! 🚨

A vulnerability in the Windows Cloud File API allows attackers to bypass a previous patch and regain arbitrary file write, which can be used to achieve local privilege escalation.

This vulnerability was disclosed during our TyphoonPWN 2025 Windows Category and won first place: https://ssd-disclosure.com/cloud-filter-arbitrary-file-creation-eop-patch-bypass-lpe/

Registration for TyphoonPWN 2026 is already open: https://typhooncon.com/typhoonpwn-2026/


Does anyone know how we can pull a malicious domain which, genially, is usable for multiple ?

private-eu[.]com - LIVE domain -

is being used to generate URLs such as "bankname[.]private-eu[.]com" so that they fly below the radar of the "new domain" watches.

Boost for visibility is appreciated.

@Daojoan the best ideas are often simple too though

I started using @kagihq as my search engine

The biggest surprise has been how jarring seeing a search page that isn't full of shit

I didn't realize my brain has come to expect a page of garbage when I search for things, and it doesn't know what to do now


Investors woke up this morning and decided we’re in an AI bubble after all. Palantir beat expectations and posted upbeat guidance but is down -8% and Nvidia down -4% after Michael Burry disclosed put options with a notional value of about $187 million against Nvidia and $912 million against Palantir.

The market decided if he’s willing to bet $1B+ that we’re in a bubble then he might be onto something.


I've decided to stop pussyfooting around and I am now openly looking for my next challenge.
Interested in a company on the small to mid-size range with a cool story. Ideal position would be a combination of customer outreach, marketing and thought leadership. What ya got?
