Investors woke up this morning and decided we’re in an AI bubble after all. Palantir beat expectations and posted upbeat guidance but is down -8% and Nvidia down -4% after Michael Burry disclosed put options with a notional value of about $187 million against Nvidia and $912 million against Palantir.
The market decided if he’s willing to bet $1B+ that we’re in a bubble then he might be onto something.
I've decided to stop pussy footing around and I am now openly looking for my next challenge.
Interested in a company on the small to mid-size range with a cool story. Ideal position would be a combination of customer outreach, marketing and thought leadership. What ya got? #CyberSecurity
FOR IMMEDIATE RELEASE: exploits.forsale's statement on the arrest of Peter Williams
Randomly Scheduled Reminder: You should use a tool like Loqseq or Obsidian to keep notes and a journal of your life, work, and what you're doing. Future you will thank you. Having those details handy and searchable comes in handy in so many ways.
My approach: https://adamcaudill.com/2022/06/05/logseq-my-external-brain/
NEW: This is how former L3Harris Trenchant boss Peter Williams was able to steal zero-days worth millions of dollars and sell them to a Russian broker, based on court documents and interviews with his former colleagues.
A former Trenchant employee told me that “no one had any supervision over [Williams] at all. He was kind of allowed to do things the way he wanted to.”
“He was, in my opinion, perceived to be beyond reproach,” the former employee, who has knowledge of Trenchant's IT systems, told me.
I love reverse-engineering because it allows me to dismantle structures of control.
First attempt at building macOS 26.0 XNU as a LIBRARY?! 👩🔬
Check it out! 🎉
https://github.com/blacktop/darwin-xnu-build/releases/download/v26.0/xnu-lib-26.0.tar.gz
Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75a287e00
sqlite3GetToken
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a287e00.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a287e00.json&colors=light
⚒️ FIXED IN iOS and iPadOS 26.1 ⚒️
- 18 bugs in WebKit
- 4 bugs in Model I/O
- 3 bugs in Safari
- 2 bugs in Apple Neural Engine
and 29 other vulnerabilities fixed
https://support.apple.com/en-us/125632
New Blog Post: Seth Jenkins broke kASLR by doing … nothing 😩
https://googleprojectzero.blogspot.com/2025/11/defeating-kaslr-by-doing-nothing-at-all.html
Here's an example of Google's AI reporting security vulnerabilities in this codec:
https://issuetracker.google.com/issues/440183164
We take security very seriously but at the same time is it really fair that trillion dollar corporations run AI to find security issues on people's hobby code? Then expect volunteers to fix.
https://bird.makeup/users/ffmpeg/statuses/1983949866725437791
Arguably the most brilliant engineer in FFmpeg left because of this. He reverse engineered dozens of codecs by hand as a volunteer.
Then security "researchers" and corporate employees came along repeatedly insisted "critical" security issues were fixed immediately waving their CVEs.
This was hugely demotivating to the fun and enjoyment of reverse engineering.
https://bird.makeup/users/ffmpeg/statuses/1978390935433097310
An out-of-band (OOB) security update that patches an actively exploited Windows Server Update Service (WSUS) vulnerability has broken hotpatching on some Windows Server 2025 devices.
This week on #OpenSourceSecurity I talk to @ottok about his blog post about detecting an attack like xz in Debian
It's a fascinating conversation about a very complicated topic
There are things that could be detected, but this one would have been very very difficult