Friendly reminder from @buherator about your thoughts on reshare and r4ghidra projects: #poll

r4ghidra-r2web - https://mbbkepfl.formester.com/f/GfJNIHusN
r4ghidra-REPL - https://mbbkepfl.formester.com/f/invMupinF
REshare - https://mbbkepfl.formester.com/f/rLvls916S

Have a fun Patch Tuesday, nerds.

https://apnews.com/article/japan-softbank-son-nvidia-ai-chips-d8a10172850628c317a214280a4d94c9

You install PSP on your operator workstation and the vendor starts spying on you.

https://www.huntress.com/blog/rare-look-inside-attacker-operation

#opsec

@uint8_t A man of culture ;)

This article highlights how much control endpoint security vendors have over customer machines, and transitively over companies and maybe even nations:

https://www.huntress.com/blog/rare-look-inside-attacker-operation

You only install this stuff, because you trust the vendor (and their government, etc.). Or not, see Kaspersky vs. US.

#AntiVirus #EDR #HackBack

That's … special. Scientists in the field of artifical intelligence telling von der Leyen to stop AGI buzzwording.

https://www.iccl.ie/wp-content/uploads/2025/11/20251110_Scientists-letter-to-the-President-AI-Hype.pdf

@keepassxc I think you misunderstood the “plausible-looking generation” criticism. The issue is not that the LLM is created to purposefully slip changes past reviewers, that would indeed be quite silly. It is trained by optimizing for plausible looking output – in essence the LLM “tries” to generate code that looks plausibly correct and such code is correct only inasmuch as code being correct is correlated with code looking correct. In contract humans when coding are trying to create correct code, and correctness there is related to how well a given human can generate correct code. The worry is that when a human makes a mistake it has a much higher chance of looking like a mistake, while LLMs are more likely to create correct-looking mistakes, because they are optimized for creating correct-looking output in general. This is what people mean when they say that LLMs will “sneak” mistakes past reviewers, and perhaps a reason to at least have different approaches to reviewing these two kinds of code.

I’m not sure what to think about the change in general, given what I know about LLMs your approach still makes me quite uneasy, but probably not enough to switch to a different password manager. Anyway, just wanted to explain the apparent confusion about this specific argument.

Oh, and since I’m writing to you already – thanks a lot for maintaining KeePassXC, it’s on the short list of software that works exactly as I like and I really have no complaints about.

[RSS] How I got Domain Admin via Citrix FAS through ESC3

https://scribe.rip/@Debugger/how-i-got-domain-admin-via-citrix-fas-through-esc3-40c6b86d7ae1

From vendor to ESC1

https://scribe.rip/@Debugger/from-vendor-to-esc1-ed32281b7ea7

Awesome blog post explaining why ~all enterprise domains could be pwned via ADCS lately: vendors prescribe insecure configuration to integrate their stuff!

(AFAICT I couldn't post this from my RSS reader, but if you see this for the fifth time, I'm sorry!)

@algernon You are joking but https://www.itjungle.com/2025/11/10/fresche-taps-ai-for-new-rpg-to-java-conversion-tool/

@G33KatWork Every single line in that video is brilliant 😂

@TomSellers

@TomSellers "Every time Prometheus says 'up' I ask: 'up, compared to what?'" https://www.youtube.com/watch?v=rXPpkzdS-q4

HTTP Request Smuggling in Kestrel via chunk extensions (CVE-2025-55315) https://www.praetorian.com/blog/how-i-found-the-worst-asp-net-vulnerability-a-10k-bug-cve-2025-55315/

Few exploits with their CVEs for the Unitree G1 humanoid robot https://github.com/Bin4ry/UniPwn

HyperDbg v0.17 is out! ✨🥂

This update brings major improvements to the script engine, including multidimensional arrays, compound & multiple assignments, plus key interpretation bug fixes.

Check it out:
https://github.com/HyperDbg/HyperDbg/releases/tag/v0.17

For more information, you can check:

Compound assignments:
https://docs.hyperdbg.org/commands/scripting-language/variables-and-assignments#compound-assignment

Arrays:
https://docs.hyperdbg.org/commands/scripting-language/variables-and-assignments#arrays

Multidimensional arrays:
https://docs.hyperdbg.org/commands/scripting-language/variables-and-assignments#multidimensional-array

@Toastie “Your homework tonight, and I’ll remind you of this later, go listen to the song ‘43% Burnt.’” Hell yeah, this guy doesn't fuck around \m/

I've never published anything so close to my heart. Hope ya love it.

https://www.hcn.org/issues/57-11/heavy-metal-is-healing-teens-on-the-blackfeet-nation/

#Indigenous #metal