Look at the rate of weasel wording in OpenAI's not-really-apology:

https://openai.com/index/helping-people-when-they-need-it-most/

I'm sick and tired of people pretending they have ways to enforce LLM behavior, while all they do is weigh dices differently - they remain dices.

Trying to enforce security boundaries with a PRNG is one thing, but you definitely can't prevent reinforcing harmful behavior, because you can't even define what it is.

And this can cost lives, as we just witnessed.

The CEO of Open AI should be tried for accessory to murder -- OpenAI responds to ChatGPT helping a teen commit suicide

What a load of goddamned CRAP:

https://openai.com/index/helping-people-when-they-need-it-most/

🇪🇺 Brussels speaks clearly. @EU_Commission confirmed to us: The #DigitalMarketsAct is non-negotiable, not even as part of trade talks with Donald Trump.

💪 We welcome the EC’s reaffirmation of its commitment to neutral, robust, and evidence-based enforcement of the #DMA. But we call on the Commissioners to strengthen enforcement and make sure gatekeepers cannot get away with circumventing the law.

👉 Read the Commission’s reply: https://edri.org/wp-content/uploads/2025/08/European-Commission-response-on-US-influence-in-DMA-enforcement.pdf

"Will WebClient Start"

This awesome blog post by Steven Flores, with SpectorOps, tries to answer a question I had too: "Is it possible to start the WebClient service remotely as a low-priv user?"

Very interesting read. The article walks you through the entire thought process and tackles various Windows internals. And even if the result may seem underwhelming, it lays the ground for others to try and take on this challenge. 😉

👉 https://specterops.io/blog/2025/08/19/will-webclient-start/

SMAP is coming to Windows

[RSS] The One Where We Just Steal The Vulnerabilities (CrushFTP CVE-2025-54309) - watchTowr Labs

https://labs.watchtowr.com/the-one-where-we-just-steal-the-vulnerabilities-crushftp-cve-2025-54309

Magical Breakpoints and Where to Find Them

Total respect for Alyssa Anne Rosenzweig, @lina@vt.social and all the other developers from Asahi Linux for reverse engineering Apples M1 GPU architecture to the point where they surpassed Apple by providing Vulkan support.
That is so unbelievable outstanding!
No one else of all those other senior developers in the whole wide world didn't even bother to try. Meanwhile someone born 2001 (like Alyssa) did – I think the others are mostly in the same age range.
I can only repeat, this is outstanding!
Congratulations and thank you all for your incredible work!!

https://rosenzweig.io/blog/asahi-gpu-part-n.html

#asahilinux #asahi #m1reverseEngineering #apple #reverseengineering #linux

The chatbot mental health crisis is here. No one is ready for it https://www.platformer.news/chatgpt-suicide-lawsuit-openai-safety/

Hungarian #FolktaleMoment of the day:

You know the folktales where fairy maidens are taking a bath, and the "hero" steals the dress of one of them to force her to be his wife?
(Also in Selkie stories)

Well I just read a Hungarian folktale where the guy steals the dress - at which point the fairy walks up to him, slaps him across the face, and takes the dress back.

Pop off, queen.

#folklore #folktales #storytelling

How it was to scan the whole Internet in 1998. Don’t skim over week 3, when an actual APT shows up 🍿

The #Internet #Auditing Project (beta 1)

https://www.focb.co.nz/audit/

I finally brought myself to read this essay

https://www.structuredprocrastination.com

[RSS] Journey to freedom: Escaping from VirtualBox and Unchaining Objects in the Windows Kernel

https://www.reversetactics.com/publications/2025_conf_typhooncon_journeytofreedom/

[oss-security] libssh2 Base64 Encoding Heap [Overread] in Known Hosts SHA1 Hash Processing

https://seclists.org/oss-sec/2025/q3/137

Related to known_hosts parsing, finding useful vectors seems tricky

It still doesn't work, but now at least I can debug it...

Hacking & Barbecue in the south of France
What could possibly be better?

Barbhack 2025 starts this Saturday August 30th at the Palais des Congrès Neptune in Toulon

We are giving away a ticket to a student nearby looking to live the experience.

Send us a DM with your name and school. We will notify the winner tonight.

https://www.barbhack.fr/2025/fr/index.html

Formal verification is a process for reducing programmers' confidence in their ability to write correct code.

I've been working on improving a few of Git's man pages and I could use a few more test readers to read the existing documentation and identify what's confusing about it! Here's the signup form: https://docs.google.com/forms/d/e/1FAIpQLSdYd9FrjiBg8IbJXk-51p7zewt7aiVOamUImnpb90hK29w3Qg/viewform

I'd especially love test readers who use Git on the command line but aren't 100% comfortable with it.

Today's star of the show seems to be Citrix...

https://www.cve.org/CVERecord?id=CVE-2025-7775
https://www.cve.org/CVERecord?id=CVE-2025-7776

/ht @cR0w

RE: https://infosec.place/objects/f89c1f12-08ad-4b8d-9a6e-33f954fbeb77