When Peter Stokes (Scattered Spider's "Bouquet") was arrested in Finland this month, people speculated that his real identity had been unmasked by Microsoft using the Windows GDID assigned to his computer. GDID *was* used to trace crimes to his computer, but Unit 221B's Allison Nixon tells me he had been unmasked in 2023, long before he committed the biggest crimes mentioned in his indictment. I spoke with her about tracking Stokes and other members of The Com, and why these cybercriminals brag about their crimes online and are so reckless about drawing attention to themselves and leaving a trail of evidence. We also talked about why, if Stokes had been identified in 2023, it took until 2026 to arrest him.
@jbz
This is how it all started.
"Processing personal information of children is illegal"
"Cool, I'll ask users if they're adult at registration, and if they lie that's their problem"
"Nope, still illegal, still your problem"
"Ok so how do I prevent children from accessing my website so that I don't accidentally process their personal information?"
Thinking in terms of children leads nowhere. We must ban computers from using humans regardless of age, otherwise we'll end up with age verification
RE: https://infosec.exchange/@perfect10_bot/116923952993204894
Hm, pfeeew, "just" the 5.0 betas 
Dear Malta Gaming Authority,
Yes, I hacked you, and the data obtained has been shared with media partners, authorities,….
And yes, we will expose the organized crime enablement schemes you created while presenting yourselves as a “legitimate public service”.
So if you lurk in any AI subreddit, discord, forum, or issue tracker, its pretty obvious that the answer to "how do people trust these things when they make mistakes literally all the time and its impossible to know when" is that there is a general conspiracy theory that whenever the model does bad output it is the AI company nerfing their model on purpose: for anthropic, its that they are compute strapped. For openAI, getting sued or cucked. Google is that google just sort of fucks their own shit up all the time, same with Microsoft.
This kind of post basically dominates all of these forums. That systemic failures are one-off byproducts of the momentary malevolence of the companies. The gambler only complains about the house always winning when the house wins bigger than usual.
RE: https://infosec.exchange/@hnsec/116923239649243702
My #Semgrep C/C++ ruleset is ready for prime time again!
Grab it before our new robot overlords take over the field of #VulnerabilityResearch entirely 🤖
"I'm very glad," said Piglet happily, "that I thought of giving you Something to put in a Useful Pot."
#ESETresearch discovered and reported to @certcc 11 old Microsoft-signed UEFI shim bootloaders that allow bypassing UEFI Secure Boot on most UEFI systems. Read about it at https://www.welivesecurity.com/en/eset-research/forgotten-uefi-shims-undermining-secure-boot/
Tracked by #CVE-2026-8863 and #CVE-2026-10797, all these vulnerable shims were revoked in Microsoft’s June Patch Tuesday updates.
https://www.cve.org/CVERecord?id=CVE-2026-8863
https://www.cve.org/CVERecord?id=CVE-2026-10797
Exploiting these vulnerable shims allows execution of untrusted code at system boot by using the Bring Your Own Vulnerable Driver (#BYOVD) technique, enabling deployment of malicious UEFI bootkits on systems that trust the Microsoft Corporation UEFI CA 2011 certificate.
What makes these old shims dangerous is not a novel vulnerability, it’s that no new vulnerability is needed to bypass Secure Boot. Just an old, still-trusted, unrevoked shim and basic knowledge of how UEFI works is enough to bypass UEFI Secure Boot and deploy a UEFI bootkit.
For more details and instructions on how to verify that the dbx patches were properly applied on your system, read our blogpost:
https://www.welivesecurity.com/en/eset-research/forgotten-uefi-shims-undermining-secure-boot/
Idle thought: you can have progressive JPEGs in which coefficients for lower-frequency components are sent first and the detail is refined as more data arrives.
I'm sure you can abuse this to construct a *regressive* JPEG that looks good with the initial low-frequency data and then degrades into something terrible.
Remarkable transparency from CISA here. After years of telling orgs to have a playbook for security incident handling, they had a security incident themselves.. and no playbook on how to respond. https://techcrunch.com/2026/07/10/us-cyber-agency-cisa-had-to-build-its-incident-playbook-during-the-incident-agency-reveals/
Jesus christ. I just watched ChatGPT consult the Merriam-Webster dictionary for firewall syntax.
lets be honest, we’re doing you a favor making your pc unbootable.
RE: https://infosec.exchange/@nemokamui/116919449162115047
Perfect 10 in SonicWALL SMA1000! 🥳
sev:CRIT 10.0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0008
Edit to add that it's EITW:
IMPORTANT: SonicWall PSIRT has investigated multiple cases indicating the active exploitation of the vulnerabilities described in this advisory. Customers are strongly urged to upgrade to the hotfix release as soon as possible to remediate these vulnerabilities.
It's landed. The bug apocalypse is upon us as #Microsoft releases patches for 620+ CVEs to go along with #Adobe's 88. @TheDustinChilds has done his best to make sense of it all. Read his analysis at https://www.zerodayinitiative.com/blog/2026/7/14/the-july-2026-security-update-review