OH: "You're in his DMs. I'm in his VMs. We're not the same."
2025 Component Abuse Challenge: Overdriven LEDs Outshine the Sun
https://hackaday.com/2025/11/06/2025-component-abuse-challenge-overdriven-leds-outshine-the-sun/
‼️ Meet Ryan Clifford Goldberg, a Digital Forensics and Incident Response manager at Sygnia, he is one of three insiders accused of cybercrimes. He allegedly conducted cyberattacks using ALPHV BlackCat ransomware.
Goldberg and two other insiders ran ransomware operations since 2023 while employed at cybersecurity firms. After an FBI visit, Goldberg confessed. He now faces up to 50 years in prison.
I found a thing (RCE) in langgraph. ;D
https://github.com/langchain-ai/langgraph/security/advisories/GHSA-wwqv-p2pp-99h5
The Louvre's Video Surveillance Password Was 'Louvre' https://yro.slashdot.org/story/25/11/05/238245/the-louvres-video-surveillance-password-was-louvre?utm_source=rss1.0mainlinkanon
"An eBPF Loophole: Using XDP for Egress Traffic" https://loopholelabs.io/blog/xdp-for-egress-traffic
Someone asked me to hand-translate a publicly posted Chinese technical report about NSA shenanigans on the Chinese Center for Time-Keeping network. It took me a while, because it turns out translating technical corporatese from your third language is very hard when chronically sleep deprived, but it is done.
https://docs.google.com/document/d/1gk1fDLKrN3m5jOSk7QbpGL1SBcLvrm0FTN3H-5ZJZcY/edit?usp=sharing
Project: golang/go https://github.com/golang/go
File: src/cmd/vendor/golang.org/x/arch/arm64/arm64asm/plan9x.go:24 https://github.com/golang/go/blob/6425749695130f2032ac9cfdf5407b6a322534db/src/cmd/vendor/golang.org/x/arch/arm64/arm64asm/plan9x.go#L24
func GoSyntax(inst Inst, pc uint64, symname func(uint64) (string, uint64), text io.ReaderAt) string
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2F6425749695130f2032ac9cfdf5407b6a322534db%2Fsrc%2Fcmd%2Fvendor%2Fgolang.org%2Fx%2Farch%2Farm64%2Farm64asm%2Fplan9x.go%23L24&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2F6425749695130f2032ac9cfdf5407b6a322534db%2Fsrc%2Fcmd%2Fvendor%2Fgolang.org%2Fx%2Farch%2Farm64%2Farm64asm%2Fplan9x.go%23L24&colors=light
This is possibly my favourite bug in Firefox right now. Unfortunately it looks like it is about to be fixed.
🚨 New advisory was just published! 🚨
A vulnerability in the Windows Cloud File API allows attackers to bypass a previous patch and regain arbitrary file write, which can be used to achieve local privilege escalation.
This vulnerability was disclosed during our TyphoonPWN 2025 Windows Category and won first place: https://ssd-disclosure.com/cloud-filter-arbitrary-file-creation-eop-patch-bypass-lpe/
Registration for TyphoonPWN 2026 is already open: https://typhooncon.com/typhoonpwn-2026/
Does anyone know how we can pull a malicious domain which, genially, is usable for multiple #scams?
private-eu[.]com - LIVE domain - #malware
is being used to generate URLS such as "bankname[.]private-eu[.]com" so that they fly below the radar of the "new domain" watches.
Boost for visibility is appreciated.
I started using @kagihq as my search engine
The biggest surprise has been how jarring seeing a search page that isn't full of shit
I didn't realize my brain has come to expect a page of garbage when I search for things, and it doesn't know what to do now