Why people working on software where something serious is at stake would throw out known gradient to use a code generator + testing is beyond my capacity to understand.

https://1password.social/@1password/116580082041363054

#AI #GenAI #GenerativeAI #LLM #VibeCoding #Software #SoftwareDevelopment #tech #dev #security #InfoSec #PasswordManagers

RE: https://eigenmagic.net/@arichtman/116583583697455397

cue Admiral Akbar’s IT’S A TRAP dot jiff

#honeypot #infosec #surveillance #finance

AodeRelay boosted

Bit Regurgitator » 🌐 2026-05-16
@arichtman@eigenmagic.net

"All my apes gone" is gonna have such a banging sequel

https://techcrunch.com/2026/05/15/openai-launches-chatgpt-for-personal-finance-will-let-you-connect-bank-accounts/

the last weeks we saw more and more security issues coming up. Let's talk!

Sorry, a pretty long blog post about this...

https://gyptazy.com/blog/coding-after-ai-are-humans-still-good-enough/

#ai #aicoding #coding #opensource #foss #security #infosec #vulns #developer #devops #engineer #ops #fedi #philosophy

Alt...

Let's talk about AI slops - like this image!

Reading this blow post makes you angry at vendor & platform lock in

Do something about it

# FIGHT

Athropy is used here

https://fireborn.mataroa.blog/blog/the-slow-death-of-the-power-user/

#Slow #Death #Power #User #OpenSource# #programming #InfoSec #Closed #Source #meta #aplhabet #FB #enshittification

I had found a very thorough server checker (e.g. TLS, DKIM, certificates, PFS, DMARC, you name it) here on the fedi at some point and thought I'd bookmarked it, but just can't find it anymore. Any recommendations from the sysadmin crowd?

#selfhosting #infosec #sysadmin

So a new, quite effective method I've found during pentests recently:

People are starting to connect their work email and calendars to personal AI agents, and are, inevitably, storing the code in publicly accessible repos.

There are two things I look for:

- Email creds, prevalent where people have given the AI dealy IMAP access to their messages.

- If I can't find email creds, the link to the private Google Calendar (either outlook or Google) ICS file.

If you grab that ICS file, you download effectively an entire copy of the calendar, which includes the body of the meeting invite - so, various links, attachments, keys/secrets/passwords etc.

I have done the email thing maybe once or twice.

The calendar thing, at least a dozen times in the last few months.

#infosec

About that... We now have a fourth vulnerability: ssh-keysign-pwn. Despite the first three letters, this is a Linux kernel vuln. PoC already available.

#Linux #Security #Vulnerabilities #InfoSec

Just to be clear, I think JavaScript is fine for authenticated or more complex content. If I'm a user of a server, it seems acceptable that I should trust it and enable JavaScript.

However, if I am some random visitor to your instance and just trying to view a post or user profile, that should not require JavaScript.

The JavaScript ecosystem (e.g., npm) is rife with supply chain hacks. Plus, there are many poorly maintained Mastodon instances (e.g., mastodon.social, I think?). Although, I guess those poorly maintained instances are not pulling down the latest backdoored npm packages... Regardless, it is a security risk to require visitors run JavaScript from every instance they visit for simple content.

#Mastodon #ActivityPub #InfoSec #Security #MastoAdmin

⋅ Shai-Hulud Worm Steals npm, GitHub, AWS, and Kubernetes Secrets From Developers

− https://cybersecuritynews.com/shai-hulud-worm-steals-npm/

#InfoSec #CyberSec

Pictured is a Gotosocial #ActivityPub server (#Mastodon-compatible), that I've been successfully running for several months now. It's running on the Raspberry Pi 5 (small black box in the background), firewalled behind an #OpenWRT router. This server uses my "Super Owl reverse proxy", where an inexpensive VPS in the cloud acts as the "frontend". The #RaspberryPi 5 "backend" server has *far* more disk space (than the frontend VPS); it has a 500GB NVMe. More info:
https://owleyes.blue/posts/gotosocial-reverse-proxy-with-wireguard/
#InfoSec #SelfHosting

Alt...

An OpenWRT router in the foreground, and a Raspberry Pi 5 in an Argon Neo case, in the background.

This is something that's actually forbidden in our country

companies may not call random numbers just to spam them.

To compensate for that luxury, the main internet and POTS provider let's companies pay them to spam us with SMS!

This is also disallowed by law but no one seems to bother to file a class action suit against this company

Those spam SMS you can easily block though

@rl_dane

#Spam #privacy #InfoSec

All of them need local physical access to the servers right?

@h3artbl33d

#InfoSec

The more you read this piece of excellent work the more you realize how much energy we, as the Open Source community, the programma's and the users, shall need to put in another to get a proper Balance Again

Read the section here.

Source:

https://fireborn.mataroa.blog/blog/the-slow-death-of-the-power-user/

#Power #User #Walled #Garden #programming #InfoSec #privilege #feature #parameters #control #OpenSource against #Meta #FB #Alphabet #Enshittification #Google #Elon #Musk #Twitter #Facebook #WTF

#infosec #cybersecurity
Three minor #Linux #kernel releases in three days to fix the copy fail / dirty frag local #privilegeescalation
You would think the #shitshow is over?
Nope! Today, Gentoo published new kernels with a bespoke patch.

--- linux-6.18.29-gentoo/net/core/skbuff.c 2026-05-12 12:00:13.960097343 +0200
+++ linux-6.18.29-gentoo-r1/net/core/skbuff.c 2026-05-14 12:36:07.935053114 +0200
@@ -2188,6 +2188,7 @@
skb_frag_ref(skb, i);
}
skb_shinfo(n)->nr_frags = i;
+ skb_shinfo(n)->flags |= skb_shinfo(skb)->flags & SKBFL_SHARED_FRAG;
}

if (skb_has_frag_list(skb)) {
@@ -6149,6 +6150,8 @@
from_shinfo->frags,
from_shinfo->nr_frags * sizeof(skb_frag_t));
to_shinfo->nr_frags += from_shinfo->nr_frags;
+ if (from_shinfo->nr_frags)
+ to_shinfo->flags |= from_shinfo->flags & SKBFL_SHARED_FRAG;

if (!skb_cloned(from))
from_shinfo->nr_frags = 0;

https://depthfirst.com/nginx-rift

Anyone running nginx? Noone does that right?

#nginx #infosec #cybersecurity

🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)!

I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis progresses! 🧐 #infosec #xz

I got 29 of these alerts over a 3½ hour period overnight, all from IP addresses in Iran.
Since access to the public internet has been blocked for most people in Iran since January, this is probably government-backed Iranian hackers credential-stuffing Synology boxes. I would imagine there is probably some specific reason they're targeting Synology boxes, perhaps having to do with recently patched CVEs.
If you have Synology devices, make sure your security is tight!
#Iran #Synology #IOC #infosec

Alt...

Synology ActiveInsight notification about a failed login to my NAS from an IP address in Iran

I knew my browser was chatty but I didn't know that my browser on Android was so chatty and so wonderful with giving out free space

Space that I need!

Sources

https://sinceyouarrived.world/taken

#InfoSec #Firefox #Android #parameters #programming

Hey, did I mention over here yet that regiastration for BSides Ume on June 16-17th is open: https://indico.neic.no/event/287/

This year we are happy to have @bagder as our keynote speaker!

#BSidesUme #BSides #infosec #umea

⋅ Fragnesia Linux Vulnerability Let Attackers Gain Root Privileges – PoC Released

− https://cybersecuritynews.com/fragnesia-linux-vulnerability/

#InfoSec #CyberSec #Linux

⋅ Android 16 peut laisser fuiter votre IP réelle malgré votre VPN, mais Google ne voit pas le problème

− https://www.clubic.com/actualite-612835-android-16-peut-laisser-fuiter-votre-ip-reelle-malgre-votre-vpn-mais-google-ne-voit-pas-le-probleme.html

#Android #Google #InfoSec #CyberSec

New.

Cloudflare: When "idle" isn't idle: how a Linux kernel optimization became a QUIC bug https://blog.cloudflare.com/quic-death-spiral-fix/ #Cloudflare #Linux #infosec #threatresearch

🧵 Pixel art works, 8/x

Isometric pixel illustration for a Dutch infosec company.

#PixelArt #InfoSec #security #privacy #safety #data #CharacterDesign #graphics #design #artwork #2D #vector #illustration #illustrator #fantasy #picture #DigitalArt #OriginalArt #digital #experimental #style #art #artist #arts #arte #designer #GraphicDesign #minimalism #NoAI #HumanArt #ArtLovers #FineArt #painting #drawing #doodle #sketch #MastoArt #FediArt #MastodonArt #CreativeToots #ArtistsOnMastodon

Alt...

Stylized isometric pixel artwork of a character operating a rugged laptop in a protected environment, surrounded by walls and security cameras.

RE: https://cyberplace.social/@GossiTheDog/116565662607962457

This YellowKey Bitlocker Bypass Vulnerability is seriously crazy. As if someone found a government / law enforcement backdoor.... #infosec #cybersecuity

your auntifa liza 🇵🇷 🦛 🦦 boosted

Kevin Beaumont » 🌐 2026-05-13
@GossiTheDog@cyberplace.social

So I’ve just had a quick play with this and yes, it works. Essentially BitLocker has a backdoor. https://github.com/Nightmare-Eclipse/YellowKey

Mitigation = BitLocker PIN and BIOS password lock.

Many people also don't realize that everyone on the globe, who is in a country which is being controlled by Swift banking system, will also suffer.

@rl_dane

#Privacy #SSN #InfoSec #breach #sensitive #programming

What is happening over there!?

It's extremely disturbing that they want your Sierra Sierra November. That is a record you can always be uniquely identified with

@rl_dane

#Privacy #SSN #InfoSec #breach #sensitive #programming

#Introduction time! I'm rysiek. On fedi since before it was fedi ­— I see you, old StatusNet guard!

Did information security and infrastructure for #PanamaPapers journalists, fought #ACTA on the streets and in meetings, helped write the book on #NetNeutrality, started a hackerspace and a half, and wrote a bunch of code.

Media literacy is a human right. Protocols, not platforms. Communities, not customers. User-Authored Works, not user-generated content.

#Privacy #InfoSec #FreeCulture #FLOSS

https://cgit.freebsd.org/src/commit/?id=e68433e1990d5f1bcc1bdd270d65f1e4792a8e1b

This is the kind of bug that #HardenedBSD protects against with its kmalloc hardening feature. It forces memory zeroing upon both allocation and free. My own non-build systems (laptops and non-build servers/VMs) all run with hardening.kmalloc_zero=1.

#FreeBSD #infosec

@stefano Hear, hear. And in n years the ability of bad or indifferent actors to collate data will be fantastically better. Not sure if it helps but I made a throwaway email address with a provider that had an email app of its own, so I could chat to estate agents without risking ++ spam. It was so useful that I kept it. In retrospect, I should have added a second pay as you go sim card. I'd wager that thoughtful clubs might let one use a nickname or non de plume and pay with cash or cryptocurrency. I'm guessing if all this was an option you'd have suggested it, but I thought it worth mentioning in this thread for completeness' sake.

#infosec #countersurvillance #privacy #personalData #security

⋅ Pwn2Own Berlin 2026 Hits Capacity as Rejected Hackers Release 0-Days

− https://hackread.com/pwn2own-berlin-2026-hits-capacity-hackers-0-days/

#Pwn2Own #Hack #Hacking #InfoSec

@GrapheneOS

Hardened OSs like #GrapheneOS do a great job, but we have a major blind spot: The Hardware.

Modern phones are networks of dozens of "black box" computers (UFS, Baseband, Wi-Fi) running proprietary code we can't audit, disable, secure or replace.

Why this matters:
1️⃣ Persistence: Malware in your UFS/SSD controller survives a factory reset.
2️⃣ Tracking: Hardware Attestation acts as an immutable digital fingerprint.
3️⃣ Shadow Attacks: Zero-click exploits hit your Wi-Fi or Baseband before the OS can even react.

We are calling for #HardwareSovereignty. Inspired by the #OpenBSD philosophy, we demand:
✅ Open & replaceable firmware for ALL subsystems.
✅ User-controlled hardware toggles.
✅ Trust minimization that includes the manufacturer.

It's time to move from "Vendor-Enforced Security" to User Sovereignty.
Read the full Open Letter here: https://pastebin.com/RzRbzhwn

#HardwareSovereignty #Infosec #CyberSecurity #Privacy #OpenSource #TechFreedom

Alt...

The Trojan Guardian means a chip that is Security for the Vendor, but Privacy nightmare for the user.

I think a lot of us here are using #linkedin to stay in touch with our colleagues and ex-employers. I think i have an opportunity to get a whole boat load of people to switch.

What can we switch to?
(preferably something fedi-based)

#infosec #privacy #privacyalternative

#shopify #infosec

Can someone here breach Shopify in a funny way before someone breaches them in a boring way?

They are having an "AI" induced quality meltdown.

It is absolutely staggering how many shops run on their systems.

Nothing wakes you up as fast as a good information security incident.

From bed reading infosec news to the computer pressing buttons in like 60 sec.

now 3 hrs later i'll go and make a first coffee...

#infosec #cybersecurity

Deploying Quantum Computing Resistant Encryption Algorithms — a risk-based approach from Hoyt L Kesterson II

Description: Hoyt starts with Caesar and works up to public key and moves on to new encryption methods that resist quantum computing

This Thursday @ 19:00 AZ ( UTC - 7 )

1702 E Highland, Phoenix

@FLOSS_Stammtisch is next Tuesday on the 19th also starting at 19:00

#LocalGroup #Phoenix #Arizona #FLOSSgroup #LUG #PLUG #Stammtisch #FLOSS_Stammtisch #encryption #InfoSec #QuantumComputing

Patch your Linux home and production servers / clients

Privilege escalation bug

Instead of asking yourself why the second bug🥈 in 2 weeks has been found on such a level, be glad that it has been found

Just patch and move on

Note
These bugs only occur local not over the network over the internet.
Local_privilege_escalation

Sources

https://lists.debian.org/debian-security-announce/2026/msg00169.html

https://security-tracker.debian.org/tracker/source-package/linux

#InfoSec #programming #privilege #escalation #root #Linux #All #distributions #severe #high

Alt...

Debian bug tracker

Alt...

Debian patch entry

Some may have experienced outage intervals for our primary zone "quad9.net" on 8 May - for we which we are sorry and appreciate your support and patience 🫶 . Here are the details:

https://quad9.net/news/blog/analysis-of-outage-8-may-2026/

#DNS #transparency #infosec

Alt...

Server racks with purple and blue lighting in the background, featuring the white and red "quad9" logo overlay.

This is very good. Cloudflare should be fired.

"The four-hour gap between the onset of the attack and the appearance of Cloudflare addresses on Canonical’s repository hostnames is the interval during which the purchasing decision moved. I imagine engineers moving from 'hold the line' against attacks routed through Cloudflare to 'sign the Cloudflare contract'. Roughly the time it took for the cost of continued outage to exceed the deal Cloudflare offered."

Flying Penguin: Can Someone Please Explain Whether Cloudflare Blackmailed Canonical? https://www.flyingpenguin.com/can-someone-please-explain-whether-cloudflare-blackmailed-canonical/ #infosec #Canonical #Ubuntu #Cloudflare

@mttaggart

Moscow shutting down internet in May 5th to May 9th in order to ensure Victory Day parade security.

What I want to highlight is, if it is started by one country, the other will follows.

First, they banned VPNs, now the west also trying to ban VPNs.

What is gonna be next? Digital firewall?

I am here just telling we need to prepare and prevent your country to fall into this oblivion of internet freedom.

https://militarnyi.com/en/news/moscow-to-shut-down-mobile-internet-on-may-9-for-parade-security/

#infosec #internet #censorship

JDownloader Website Hijacked to Distribute Malware via CMS Exploit

JDownloader's official website was compromised via a CMS vulnerability, allowing attackers to replace legitimate Windows and Linux installers with malware-laden versions. Existing installations remain safe due to cryptographic signing, users who downloaded and executed the affected files on May 6-7 are advised to change all passwords, and enable multi-factor authentication or reinstall their operating systems.

**If you downloaded and ran the JDownloader Windows Alternative Installer or Linux shell script between May 6 and May 7, 2026, you should assume your system is compromised. Remove the systems, or ideally reinstall your system. Standard antivirus scans cannot guarantee the removal of this malware. Affected users must change all passwords and enable multi-factor authentication (MFA) on all accounts.**
#cybersecurity #infosec #advisory #databreach
https://beyondmachines.net/event_details/jdownloader-website-hijacked-to-distribute-malware-via-cms-exploit-n-u-3-j-l/gD2P6Ple2L

Everybody hates #robocalls. But, despite tech reporting being willing to give the #FCC leeway, this new measure is not to stop robocalls, it won’t do a damn thing to stop robocalls. What it does is make burner phones illegal.

Burners are an integral part of many social justice actions. Protestors use them to record #ICE and other #cops. We include them in “Go Bags” to let abused women and children escape. They allow for anonymity.

They are a thorn in the side of the panopticon, and they are moving to eliminate them.

Stock up kids.

https://gizmodo.com/fcc-attempts-to-solve-robocall-problem-by-potentially-creating-even-bigger-privacy-problem-2000756762

https://www.wiley.law/alert-FCC-Proposes-Stronger-Know-Your-Customer-Rules-Will-Consider-Know-Your-Upstream-Provider-Rulemaking-at-May-20-Meeting

https://mashable.com/article/fcc-proposes-to-battle-spam-calls-at-the-expense-of-privacy-protections

#burnerPhone #anon #infosec #privacy #palantir #gop #sjw

A Debian developer released a one-click .deb mitigation for the Copy Fail and Dirty Frag Linux kernel flaws affecting Debian-based distros 🐧
The temporary package applies command-line protections for Ubuntu, Mint, and Debian users while awaiting upstream kernel patches and security updates 🔐

🔗 https://fossforce.com/2026/05/a-simple-one-click-mitigation-for-copy-fail-and-dirty-frag-for-debian-ubuntu-mint-and-other-debian-based-distros/

#TechNews #Tech #Debian #Ubuntu #LinuxMint #Mint #Linux #Cybersecurity #OpenSource #FOSS #Kernel #Security #Privacy #SysAdmin #GNU #Infosec #Vulnerability #CopyFail #DirtyFrag

ShinyHunters reportedly defaced Canvas login portals at about 330 schools after another breach of Instructure systems, demanding ransom payments before May 12 🎓
Attackers claim stolen Canvas data includes messages, enrollments, and user records 🔐

🔗 https://www.bleepingcomputer.com/news/security/canvas-login-portals-hacked-in-mass-shinyhunters-extortion-campaign/

#TechNews #Canvas #Instructure #ShinyHunters #Cybersecurity #DataBreach #Education #Privacy #Infosec #SaaS #SSO #Cloud #Ransomware #OpenSource #Security #Hacking #Breach #Extortion

Most people still think privacy works like this:

“I use a VPN, so I’m anonymous.”

But modern tracking no longer relies only on IP addresses.

Today, systems can fingerprint users through:

* browser behavior
* hardware characteristics
* TCP/IP stack patterns
* DNS behavior
* GPU/rendering fingerprints
* timing signatures
* viewport & display metrics
* runtime inconsistencies across layers

Changing your IP alone often isn’t enough.

That idea led us to build PH4NTXM.

Instead of randomizing things independently, PH4NTXM tries to create a coherent runtime identity where:

* hardware
* networking
* browser environment
* timing behavior
* GPU exposure

all align consistently within the same session.

The project is:

* live-only
* stateless
* non-persistent across boots
* fully open source

Current focus areas include:

* fingerprint surface reduction
* browser hardening
* network personality shaping
* Tor-isolated operation modes
* fail-secure session termination

We’re not claiming “perfect anonymity” — the goal is simply to reduce static identity behavior and avoid contradictory signals as much as possible.

Find us: https://github.com/PH4NTXMOFFICIAL/PH4NTXM

#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology

Et hop !
⋅ 9000 écoles touchées dans le monde... La plateforme éducative Canvas victime d'une intrusion majeure

− https://www.clubic.com/actualite-612388-ecoles-touchees-dans-le-monde-la-plateforme-educative-canvas-victime-d-une-intrusion-majeure.html

#InfoSec

3D printing health risks: fumes, ultrafine particles, VOCs — and most people printing at home have no idea. The tech is wonderfully accessible, but the safety conversation hasn't quite kept up with the maker movement.

Sometimes the most interesting attack surface is the one sitting on your desk. 🖨️

#infosec #maker #hardware
https://www.bgr.com/2156591/3d-printing-health-risks-explained/

New Google Sheets "Chip" feature lets you extract data about people.

My takeaway: if you view a shared Google Sheet while logged into a Google Account, the doc owner (maybe others) can extract your location & phone. 1/n

https://support.google.com/docs/answer/13524011#zippy=%2Cpeople-smart-chip

#Google #GoogleSheets #Privacy #Security #Infosec

Alt...

Google Help screenshot. Text says: Types of data you can extract You can extract data from smart chips in your Google Sheets to include information about the following chips: People smart chip A Information comes from domain profiles. + Email + Name + Location* + Phone* « Title* Note: Information with * are only available to Google Workspace Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Education Standard, and the Teaching and Learning Upgrade users.

Habis #CopyFail terbitlah #DirtyFrag

• CVE-2026-43284
• CVE-2026-43500

Belum coba sih poc-nya, tapi sepertinya simpel juga.

https://github.com/V4bel/dirtyfrag/blob/master/README.md

#linux #cve #infosec

Automated #security scanning.

What tools do you use to scan your enviroments for security issues? Why?

Not looking for virusscanners here, more for a bit more enterprisy enviroment?

Are there things i should have a look at?

What is your experience in general?

RT welcome for reach.

#infosec #cyber #cybersecurity #blueteam

Anyone have a collection of PCIe whitepapers and specs I could reference?

#infosec

Yesterday at the @nluug I learned about podcasts provided by @hpr that covers topics for "hackers".

So check out to see if there is anything useful in there for you.

#infosec #opensource #linux

Indonesia's Directorate General of Immigration busted an international investation scam ring in Batam.

During the raid, they arrested 210 people.

It is believed they are affiliated/former international scam ring based in Cambodia.

Evidences retrieved:
- 131 computer units
- 93 laptop
- 492 cellphones
- 52 monitors

GG guys

Source:
https://x.com/RidhaIntifadha/status/2052677811337576637

#indonesia #IndonesiaNews #imigrasi #cybersecurity #infosec #cybercrime #Batam

Alt...

The Directorate General of Immigration has arrested 210 foreign nationals suspected of committing online investment fraud in Batam. The victims are overseas, but the operation is based in Indonesia. They didn’t arrive all at once, but in small groups over time. There are indications that this is a former international network based in Cambodia.

Linux zero-day “Dirty Frag” lets local users gain root on major distros by chaining kernel page-cache flaws with no race condition required 🐧⚠️
Ubuntu, Fedora, RHEL and openSUSE remain unpatched, while temporary mitigations disable modules tied to IPsec VPN and AFS support 🔓

🔗 https://www.bleepingcomputer.com/news/security/new-linux-dirty-frag-zero-day-with-poc-exploit-gives-root-privileges/

#TechNews #Linux #DirtyFrag #ZeroDay #CyberSecurity #Kernel #Ubuntu #Fedora #RHEL #OpenSUSE #Privacy #FOSS #Security #Infosec #OpenSource

Oh and a reminder that the whole "wow Mythos is such much special at finding vulns amaze" shtick is largely just Anthropic's hype.

https://aisle.com/blog/ai-cybersecurity-after-mythos-the-jagged-frontier

> We tested Anthropic Mythos's showcase vulnerabilities on small, cheap, open-weights models. They recovered much of the same analysis. AI cybersecurity capability is very jagged: it doesn't scale smoothly with model size, and the moat is the system into which deep security expertise is built, not the model itself.

#AI #Mythos #InfoSec

Will the rate of vulns being found "thanks to AI" be higher than the rate of vulns being introduced by vibe-coding shit?

No. It will not. You know it as well as I do.

Why? Because the incentives have not changed.

What remains heavily incentivised is excreting more code and slapping more and more random features, not quality control and robustness.

I've linked this before, but it remains so very on-topic and on-point, so here it is again:
https://freakonometrics.hypotheses.org/89367

#InfoSec #AI #Mythos

The canvas hack drags on. Today was the ransom deadline I'm told, and the app is down.

Everyone at my uni has been given extensions on assessment until midnight Monday, so they seem to think they'll have it back by then. In the meantime we're all to read up on identifying phishing attempts.

I'm fully aware how hard defensive cyber security is, but I also know that almost no-one puts enough resources into it. I'm very sick of the money and strategy people facing no consequences for gambling with my data.

#cyber #infosec #Canvas #privacy
edited for typos

https://lwn.net/Articles/1071719/

#DirtyFrag is a broken embargo.

Local Privilege Escalation to root.

Public working exploit. No CVE assigned yet.

No fix in sight.
<edit> 7.0.5 was just released which has a fix </edit>
<edit 2> CVE-2026-43284 has been assigned</edit 2>

#infosec #cyber #tsunamiofvulns #CVE-2026-43284

This is the documentation & exploit of DirtyFrag:
https://github.com/V4bel/dirtyfrag/blob/master/README.md

Alt...

are you not entertained meme

If anyone knows of any decent write-up on securing ZooKeeper / ClickHouse Keeper, I am very interested.

Documentation of both is really crap I find, and security seems to be a complete afterthought.

I would love to be proven wrong on that last bit.

#InfoSec #SysAdmin #ClickHouse #ZooKeeper

@ireneista @darkuncle @tg

Just curious, does anyone still use #PortKnocking, or has stuff like Tailscale relegated that to the bitbucket of #infosec praxis?

⋅ Scammers Use Hidden Text to Bypass AI Email Filters in Phishing Scams

− https://hackread.com/scammers-text-bypass-ai-email-filters-phishing-scams/

#InfoSec #Scam

Today an interesting keynote by @beauwoods at the @nluug conference.

Beau explains where policy and technical controls meet, the complexities involved, and some paths forward.

Thanks Beau!

#NLUUG #infosec

Alt...

Beau giving a keynote, asking the public raising their hands as a response to a question

hey so. looking for a job (NZ or fully remote willing to hire a kiwi) in SRE, security, or linux/Unix system administration. 15 years experience administering Linux and Unix boxes, intermediate level of experience working with docker compose and containerisation and container security. No prior job experience unfortunately, all those 15 years were mostly personal projects and small-scale stuff for friends. I'm also 26, so I started when I was 11, explaining the no jobs so far. Currently running an entire multi-machine personal cloud infrastructure with a demonstration of all the services I have running at https://status.highenergymagic.net. Three machines, 72 docker containers. One running most of them, one running Mastodon+glitchsocial, one running the uptime monitor. encrypted root on ZFS, alpine linux, gVisor on supported containers, plan to move to Kata. Entirely willing to accept entry-level job placements, no expectation of being paid a lot or anything, just want to be doing something and move the needle a little on my current "being broke" status. Currently using gVisor, docker compose, and kata containers in production, experience with Linux, docker, Net/Open/FreeBSD, Cisco IOS, Juniper Junos, Mikrotik and UniFi, configuring and administering Asterisk, plus extensive experience with IBM AIX and Sun Solaris. #fedihired #infosec #cybersecurity #linux #unix #docker #sre #DevOps #GetFediHired

Please boost for reach, any job offers please DM me.

https://www.abc.net.au/news/2026-05-06/australian-educational-facilities-impacted-by-canvas-hack/106650094

We were told about this at uni today. They took pains to tell us they "only" had access to out names, emails, and messages between people. But don't worry, not our passwords or bank details.

I mean, yes, if they had access to passwords (which ought to be encrypted), or bank details (which ought to be handled separately by someone with better creds than the beleaguered uni IT team), that would be a monumental fuck up bigger than the one that actually happened. But also I* can change a fucking password. I can't change my uni address. And who knows what people have put into "messages".

* yes, I understand passwords matter because most people reuse them and don't change them. It's just a less big deal to me personally.

#breach #privacy #cyber #infosec

⋅ Google's Android Apps Get Public Verification to Stop Supply Chain Attacks

− https://thehackernews.com/2026/05/android-apps-get-public-verification.html

#InfoSec #Android #Google

Here's a thought:

The fact that people are experiencing issues with DE sites and asking if CloudFlare is down speaks volumes about the stability of DE ccTLD and the broader DNS compared to big cloud providers.

#DNS #InfoSec #SysAdmin

DENIC's status page:
https://status.denic.de/

Screenshot below in case you're not able to load it (as I said, stuff is going to be intermittently failing).

#DNS #DENIC #DNSSEC #InfoSec #SysAdmin

Alt...

DNSSEC disruption affecting .de domainsPartial Service Disruption Incident Status Partial Service Disruption Components DNS Services DNS Nameservice May 5, 2026 23:28 CEST May 5, 2026 21:28 UTC INVESTIGATING Frankfurt am Main, 5 May 2026 – DENIC eG is currently experiencing a disruption in its DNS service for .de domains. As a result, all DNSSEC-signed .de domains are currently affected in their reachability. The root cause of the disruption has not yet been fully identified. DENIC’s technical teams are working intensively on analysis and on restoring stable operations as quickly as possible. Based on current information, users and operators of .de domains may experience impairments in domain resolution. Further updates will be provided as soon as reliable findings on the cause and recovery are available. DENIC asks all affected parties for their understanding. For further enquiries, DENIC can be contacted via the usual channels.

https://www.theregister.com/2026/05/02/ncsc_brace_for_patch_tsunami/

The patch tsunami is coming. #infosec

"All organizations have 'technical debt'; a backlog of technical issues – that is both expensive and time-consuming – as a result of prioritising short-term gains over building resilient products.

Artificial Intelligence, when used by sufficiently-skilled and knowledgeable individuals, is showing the ability to exploit this technical debt at scale and at pace across the technology ecosystem. The result is likely to be a "forced correction" as those weaknesses are uncovered and addressed in bulk"

Edit: issue seems fixed.

Looks like DE ccTLD is unresolvable due to DNSSEC issue:
https://dnsviz.net/d/nic.de/afpsNg/dnssec/

😬

🧵👇

#InfoSec #DNSSEC #DNS #Germany

⋅ We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is

− https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html

#InfoSec #CyberSec

I am looking for a few more US-based early adopters to provide feedback on a protective DNS service offering aligned with NIST SP 800-81 Rev. 3 (March 2026).

https://csrc.nist.gov/pubs/sp/800/81/r3/final

This service merges Zero Trust and DNS without requiring client-side agents. Supports mobile devices, browsers, server hardware & IoT.

If you're interested in providing feedback on this service as a free beta tester, email me at:

securednsbeta@techliterate.co

#FreeBSD #BastilleBSD #ZTA #DNS #IOT #NIST #Infosec

Did a good zero knowledge to full control of web app without tools pen test last week.

1. found /.git/config was readable
2. said config file contained GitHub personal access token
3. cloney cloney clone clone
4. review app source, find lots of debug holes and frankly, nasty sql injection issues
5. find hardcoded cloud storage credentials in source
6. party like it were the early 2000’s i guess

#infosec

Holy shit, Microsoft. Whoever made this decision should be fired. Into the Sun.

https://lemmy.world/post/46435614

#infosec #facepalm #clowncar

P.S. I see from looking at the ICS file in a text editor that it was produced with Microsoft Exchange Server 2010, which as far as I can tell has been out of support (i.e., no longer receiving security updates) since 2020. The invitation in question came from a healthcare facility bound by HIPAA. It is an obvious violation of the HIPAA security rule to be running Microsoft server software that is no longer supported or receiving security patches.
#infosec #HIPAA

Experiment update

Amazon are 2/2 for hitting the QR canary token - same CDN, same non-phone user agent each time. Seems to happen async after the delivery, maybe 20 mins or so later.

Actual delivery photo from today below.

Only other test subject so far is Fedex, they did not trigger the QR.

#infosec

Alt...

amazon delivery photo

Do not forget to always patch your Linux / BSD distributions wherever they may reside.
Forgetting to do so may open up your systems for known exploits which is easily avoidable, from the InfoSec perspective

In case you don't know termux yet on ARM architecture go read and learn

Sources:

man man(1)
man apt

#Linux #termux #Patch #update #upgrade #programming #BSD #InfoSec #ARM #X86 #freedom #OpenSource

Alt...

Termux upgrade

⋅ Plus d'un million de sites web exposés à la faille exploitée cPanel

− https://www.lemondeinformatique.fr/actualites/lire-plus-d-un-million-de-sites-web-exposes-a-la-faille-exploitee-cpanel-100074.html

#InfoSec

/rant
FFS vendors. Randomizing a MAC isn't making anyone safer. It just makes it harder for folks to manage their networks.

Up next on Today's Rant, enough with blocking inbound ping. You're not hiding from network probes.

#InfoSec #Security #Networking

Reports: A critical cPanel & WHM zero-day (CVE-2026-41940) is being actively exploited since Feb—attackers can bypass auth to gain full admin access. Patch immediately. 🔥🔐⚠️ Read: https://cyberinsider.com/critical-cpanel-zero-day-auth-bypass-exploited-since-february/ #cPanel #infosec #zeroDay #cybersecurity

Debunkage de la vidéo sur les mots de passe de Fabien Olicard : mémorabilité, densité et entropie irréconciliables ?

https://docs.numerique.gouv.fr/docs/4805aabe-79e1-4101-9efe-f18496a11dec/

Nouvel article argumentant notamment que toute structure dans un mot de passe nuit à sa qualité !

#infosec #olicard #fabienolicard #password #motdepasse

Mozilla Patches Critical Memory Safety and Sandbox Escape Flaws in Firefox

Mozilla released security updates for Firefox and Firefox ESR to fix five vulnerabilities, including critical memory safety bugs and a sandbox escape that could allow arbitrary code execution.

**Update Firefox and Firefox ESR as well as your Firefox based browsers (Tor, Waterfox, LibreWolf...). Mozilla fixed multiple critical memory safety bugs and a WebRTC sandbox escape that could allow a malicious website to take full control of your system. Your browser is your primary gateway to the web and will be hit first. Update now, all your sessions and tabs will be restored automatically.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/mozilla-patches-critical-memory-safety-and-sandbox-escape-flaws-in-firefox-s-w-c-f-9/gD2P6Ple2L

Fresh gist: mitigating CVE-2026-31431 ("Copy Fail") on RHEL 8/9/10 with a tiny Ansible playbook.

It blacklists algif_aead via a kernel boot arg (initcall_blacklist=algif_aead_init), reboots only when needed, and asserts the mitigation actually stuck after reboot. Idempotent & safe to re-run.

https://codeberg.org/Larvitz/gists/src/branch/main/2026/20260501-CVE-2026-31431_RHEL_Mitigation.md

#Ansible #RHEL #Linux #InfoSec #SysAdmin #DevOps #CVE #CVE_2026_31431 #copyfail

"[AI] Agents can now create Cloudflare accounts, buy domains, and deploy"

Like every other Cloudflare service, this was likely designed to enable threat actors, amplify abusability, and reduce accountability.

#infosec #cybersecurity #threatintel

https://blog.cloudflare.com/agents-stripe-projects/

Baby steps.
#infosec #MFA #2FA #SimSwapping

Alt...

Subject: Important Updates to How You Bank with Beacon Bank Protecting you In an effort to further protect our customers, email‑based muti‑factor authentication (MFA) will be eliminated beginning in May. To ensure uninterrupted access to your accounts, please take a moment to update your Two-factor authentication settings by selecting Security under your account settings online or under Login and Security in the mobile app. Be sure to add a supported authentication method, such as a cell phone number or an authenticator app. Please note that an authenticator app can only be added from the web version of online banking, not from the Beacon Bank app. In the text above in the image, "email-based multi-factor authentication (MFA) will be eliminated beginning in May" has been highlighted by me in green, and "a supported authentication method, such as a cell phone number" has been highlighted by me in red.

Has anyone here heard anything about GiveHero? Work's using it for a fitness challenge thing and while I'm ok with handing out a week of fitness data for some fun community building nonsense with my new coworkers I'd rather not find out the app is a front for some military-industrial complex spyware or something.

#infosec #privacy #GiveHero

Yikes.

https://arstechnica.com/security/2026/04/as-the-most-severe-linux-threat-in-years-surfaces-the-world-scrambles/

#linux #infosec

Fresh gist: mitigating CVE-2026-31431 ("Copy Fail") on RHEL 8/9/10 with a tiny Ansible playbook.

It blacklists algif_aead via a kernel boot arg (initcall_blacklist=algif_aead_init), reboots only when needed, and asserts the mitigation actually stuck after reboot. Idempotent & safe to re-run.

https://codeberg.org/Larvitz/gists/src/branch/main/2026/20260501-CVE-2026-31431_RHEL_Mitigation.md

#Ansible #RHEL #Linux #InfoSec #SysAdmin #DevOps #CVE #CVE_2026_31431 #copyfail

RE: https://cyberplace.social/@GossiTheDog/116496411504697248

I HATE TO BE THAT GUY but even as this paints the security in a bad light… do we know if this wasn't aislopped?

we don’t.

and that's the point of #AI : it’s a complete rejection of The Social Contract on how we agree on the truth.

we need the #infosec community to help us create new, defensive fact checking protocols. the oligarchy wants to own reality, and define the truth. pushback on giving them the benefit of the doubt.

Y’ALL DID AND WE LOST THE RIGHT TO ABORTIONS, AND VOTING RIGHTS

trying a new thing, have 3D printed a QR code and put it on the front porch

QR code triggers a canary token

want to see if any of the delivery companies are using the drop off proof of delivery pics to train AI

#infosec

Alt...

my door mat with a 3d printed qr code to the side, the qr code is covered up in this picture to protect the integrity of the experiment

A lot of people are apparently happily running a script clearly marked as a root exploit from some random website using curl | bash

Some do inspect the script, but then still run it using curl | bash anyway.

Incidentally, this very relevant blogpost about detecting curl | bash and serving different scripts based on that is almost exactly a decade old:
https://web.archive.org/web/20230318063325/https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/

#CopyFail #InfoSec

⋅ New Bluekit phishing service includes an AI assistant, 40 templates

− https://www.bleepingcomputer.com/news/security/new-bluekit-phishing-service-includes-an-ai-assistant-40-templates/

#InfoSec #Phishing

FastCGI: 30 Years Old and Still the Better Protocol for Reverse Proxies by @agwa

How to avoid getting pwned by request smuggling and untrusted headers.

https://www.agwa.name/blog/post/fastcgi_is_the_better_protocol_for_reverse_proxies

#infosec #FastCGI #PHPFPM #PHP

One of the other domains I registered as I descended into this rabbit hole was "dev-user.com".

Based on email traffic, owning that domain has been enough to give me admin access to a couple of Wordpress-powered sites, and multiple SaaS apps (particularly, staging/non-prod instances).

All orgs involved have been informed.

So to summarize current state of Plexfiltration:

1 - Deleteduser/deleted-user.com = 65 orgs using
2 - Internaluser.com - 12 orgs
3 - service-account.com - 8 orgs
4 - dev-user.com - 6 orgs

#infosec

Anybody else getting daily spam phone calls from "Jeff" at #Anomity, each one from a different phone number.
They finally pissed me off enough that I reamed them out on #LinkedIn (https://www.linkedin.com/posts/share-7455310831493423104-ZjfJ). Not that I expect it to do any good; a company that resorts to making sales calls from spoofed phone numbers isn't going to stop just because somebody asks them to.
(And I suspect "Jeff" is AI, not a real person.)
#AnomityAI #spam #AI #infosec

ISO an Infrastructure Provisioning Manager to join our amazing Quad9 team. 🌠

Interested? You can find all the details right here: https://quad9.net/about/jobs/

Remember, sharing is caring 🫶

#DNS #privacy #internetfreedom #infosec #getfedihired #jobs #hiring

Alt...

Quad9 logo with a neon pink glowing frame and text saying "We are hiring, join our team" on a black background.

🧠 Quiz Infosec — Wednesday 29 Apr

Dans le contexte des systèmes legacy, quel mécanisme protège un secteur de démarrage (MBR) contre les modifications non autorisées ?

Résultats + explication demain ! #quiz #infosec #CyberQuiz

OK, so, #Kroll just sent out breach notice + identity monitoring offer letters on behalf of #ColumbiaUniversity.
We received two. They were addressed to first initial + last name. The salutation of the letter, also, says "Dear <initial>:" rather than giving a name.
The two letters' initials match my wife's and my first names. They _also_ match the first names of two of our kids who may have applied to Columbia.
So, who the fuck are the letters for? 🤔🤷🤡
#infosec

I just got given admin access to some Medicaid filing platform because I own the domain internaluser.com

#infosec

⋅ Firestarter : la porte dérobée qui survit aux correctifs Cisco

− https://www.lemondeinformatique.fr/actualites/lire-firestarter-la-porte-derobee-qui-survit-aux-correctifs-cisco-100036.html

#InfoSec #CyberSec #Cisco

https://www.thatprivacyguy.com/blog/anthropic-spyware

Security researcher Alexander Hanff wrote an article titled Anthropic secretly installs spyware when you install Claude Desktop. Anthropic has not denied the report, as of time of post.

TLDR: If a user installs Claude Desktop on a Mac (pc test results tba), it installs a backdoor into every browser, even those not installed. By testing on a clean machine, Hanff discovered that Installing Claude Desktop for macOS drops a Native Messaging host manifest into multiple Chromium profiles (Chrome, Edge, Brave, Arc, Vivaldi, Opera, Chromium), even including for browsers that are not actually installed yet.

How bad is it? Well...that depends. What it does is create a very wide attack vector, especially for prompt injection. That it is done invisibly, without telling the user, and making it difficult to remove, is certainly problematic.

I dunno man, maybe don’t use the planet destroying tulip craze?

#infosec #claude #ai #llm #security #browsers

@harrysentonbury @lydiaconwell @cmconseils that's actually a pretty common #scam:
- #FakeShops using #Typosquatting-Domains!
It's called #Quishing (#QRcode + #Phishing)

Or as we say in #Germany:
"Get #Klöckner'd!" (aka. get #phished!)…
https://taz.de/Angriff-via-Signal/!6174144/

#Phishing #ITsec #InfoSec #OpSec #ComSec #QRcodes #Enshittification

Haven't had much new stuff to report on this topic for a bit...until today!

3 new arrivals to the deleteduser dumpster:

- a company that handles public/guest wifi access in Europe

- An EU based sports club booking platform

and, extremely concerningly:

- a period tracking app, that emails out full PII and data

All have been contacted.

In lighter plexfiltration news, a developer who was testing something out sent a 'hello, test' message to a 'deleted user', so I was able to respond with 'test worked - hows it going?' which I can only assume really freaked them out.

Out of the now 60ish orgs contacted, have heard back from 2 who have fixed their use of deleteduser.com. I'd say that maybe 3 or 4 have dropped off, but the rest still continue.

Ironically, this includes all of the tech and cybersecurity companies that were contacted.

#infosec

Note d’alerte par le Centre de Coordination des Crises Cyber (C4) : mise en garde contre une vaste offensive de piratage ciblée via les messageries instantanées ; les secteurs régaliens sont spécifiquement visés #Infosec https://www.dgsi.interieur.gouv.fr/dgsi-a-vos-cotes/cyberdefense/note-dalerte-ciblage-des-messageries-instantanees

Ah, the fun of abuse contact emails. "attempt of DoS attack" , "using 9.5 TCP kpkts/s".

The "DoS" in question: Someone downloading suse package updates at the rate of ~15Mbit/s, leading to us, the suse mirror, sending tcp packets in their direction...

#DoS #infosec

⋅ Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files

− https://hackread.com/vidar-infostealer-fake-captchas-jpeg-txt-files/

#InfoSec

Bitwarden CLI version 2026.4.0 was compromised via a GitHub Actions supply chain attack, distributing malicious npm code that stole secrets 🔓
The package was briefly available before removal, with attackers exfiltrating tokens and injecting workflows across CI pipelines 🔐

🔗 https://thehackernews.com/2026/04/bitwarden-cli-compromised-in-ongoing.html

#TechNews #Bitwarden #SupplyChainAttack #Cybersecurity #GitHub #npm #DevSecOps #OpenSource #Security #Infosec #DataBreach #Malware #Encryption #Privacy #Vulnerability #PasswordManager #Password

Leaving SSH port 22 open for 54 days — and carefully logging every knock at the door. The result? A fascinating (and slightly dizzying) portrait of what the internet looks like from the outside. Spoiler: it's busy. Very busy. 🔍

#infosec #SSH #honeypot
https://arman-bd.hashnode.dev/i-left-port-22-open-on-the-internet-for-54-days-here-s-who-showed-up

RE: https://floss.social/@jgbarah/116466838668052295

really fascinating read
#webdev #infosec

AI/ML Security

<https://openssf.org/groups/ai-ml-security/> @openssf @linuxfoundation

＂This working group is situated at the intersection between security and artificial intelligence (AI). We explore the security risks associated with Large Language Models (LLMs), Generative AI (GenAI), and other forms of artificial intelligence and machine learning (ML), and their impact on open source projects, maintainers, their security, communities, and adopters. Furthermore, we explore using AI and ML to strengthen the security of other open source projects.

This group in collaborative research and peer organization engagement to explore topics related to AI and security. This includes security for AI development (e.g., supply chain security) but also using AI for security. We are covering risks posed to individuals and organizations by improperly trained models, data poisoning, privacy and secret leakage, prompt injection, licensing, adversarial attacks, and any other similar risks.

This group leverages prior art in the AI/ML space,draws upon both security and AI/ML experts, and pursues collaboration with other communities (such as the CNCF’s AI WG, LFAI & Data, AI Alliance, MLCommons, and many others) who are also seeking to research the risks presented by AL/ML to OSS in order to provide guidance, tooling, techniques, and capabilities to support open source projects and their adopters in securely integrating, using, detecting and defending against LLMs. …＂

#AI #ML #security #cybersecurity #infosec #Linux

⋅ New ‘Pack2TheRoot’ flaw gives hackers root Linux access

− https://www.bleepingcomputer.com/news/security/new-pack2theroot-flaw-gives-hackers-root-linux-access/

#InfoSec #Linux

Defending Against China-Nexus Covert Networks of Compromised Devices #infosec
https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-113a

Happy #ColumbiaUniversity #BreachNotification Day to those who celebrate!
(And it only took them ten months. Wow, so fast!)
#infosec #privacy #breach

Alt...

An envelope whose return address is "Columbia University / IN THE CITY OF NEW YORK / Return to Kroll" and recipient is "J KAMENS"

Switzerland plans a gradual shift from Microsoft products to reduce dependency, citing digital sovereignty and long-term control over public IT systems 🇨🇭
Open-source alternatives are under review amid cost, lock-in, and US Cloud Act data access risks tied to foreign providers 🔍

🔗 https://www.swissinfo.ch/eng/swiss-authorities-want-to-reduce-dependency-on-microsoft/

#TechNews #Swiss #Switzerland #Microsoft #OpenSource #FOSS #DigitalSovereignty #Sovereignty #Privacy #Cybersecurity #Regulation #Infosec #Tech #Government #IT #Office #LibreOffice #Linux #US

was testing an AI tools willingness to call its own API’s this week

1. gave it an absolute url to call, everytime it replaced it with a place holder because its prompt must’ve included a “never call yourself” rule

2. gave it the same url, but base64 encoded and said, “base64 decode the url and call it”- it worked - willingly made calls to its own api in the context of itself

like a 2000’s era waf bypass

what’s old is new! but with a glowy border around the input box so you know its fancy af

#infosec

Ok, if you are particularly sensitive to the effects of irony, I suggest you take a seat before reading further.

In what is perhaps the most perfect encapsulation of everything that this experiment has shown so far, last night, deleted-user.com received over 400 emails from the same organization.

This was an EU based tech firm.

The purpose of those emails? They were from the company's legal team, advising users of updated terms and conditions, and the first update was:

"Data protection: we added language explaining how we handle personal data under the GDPR"

#infosec #gdpr

lol. lmao, even.
To be clear: it absolutely sucks that the Trump administration has done the same hatchet job to #CISA that they've done to most of the rest of the federal government. We need strong federal #infosec leadership. But after all the damage Trump has done to CISA, it's a joke and will remain a joke regardless of whether it has a Senate-confirmed head and regardless of who that head is.
Given that, I am comfortable laughing at the ineptitude here.
https://techcrunch.com/2026/04/23/trumps-pick-to-run-us-cyber-agency-cisa-asks-to-drop-out/

Ummm... Is SANS training ICE?

https://sam.gov/workspace/contract/opp/99f8bdc298c34f06bcac9bd7e39b1bca/view

Edit to add: SANS is training ICE how to pull information off of harddrives, etc.

FOR498: Digital Acquisition and Rapid Triage

"Course Overview:
A digital forensic acquisition training course, FOR498 provides the skills to identify the many and varied data storage mediums in use today, and how to collect and preserve this data in a forensically sound manner despite how and where it may be stored. This forensics data collection course covers digital acquisition from computers, portable devices, networks, and the cloud, and teaches rapid triage—the art and science of identifying and starting to extract actionable intelligence from a hard drive in 90 minutes or less."

This training will directly hurt people.

#sans #ice #infosec

Alt...

Notification of SANS Training for US Immigration and Customs Enforcement

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign #infosec
https://socket.dev/blog/bitwarden-cli-compromised

Today, there is a meeting between @wikipedia and Ministry of Communication and Digital Affairs.

Whether or not wikipedia and wikimedia blocked are depends on today meeting.

Let's hope we won.
#Indonesia
#indonesiaNews
#wikipedia
#wikimedia
#digitarights
#censorship
#infosec

@indonesia

Alt...

Wikipedia Blocked or Not Depends on Today's Meeting

Fucky fuck ! KiD est fasciné par mes histoires de "hackers", white hats, grey hats, black hats, les mags que je lis encore, Phrack, 2600 (nan...pas LinuxFr), les outils que je maîtrise...
Got r00t !? 😜
J'avais dit : Le même mec pète tous les sites d'assos de sport, ça doit être le même soft, la même faille.
J'avais dit à un pote, qui n'y croyait pas : Lulzsec c'est des branleurs ils vont se faire niquer, ils sont trop prétentieux et pas furtifs !
¯\_(ツ)_/¯

#infosec

⋅ Cybercriminals Exploit French Fintech Accounts to Move Stolen Money Before Detection

− https://cybersecuritynews.com/cybercriminals-exploit-french-fintech-accounts/

#InfoSec #CyberSec

I am sure there is absolutely no reason to fear that the frequency and severity of security breaches like this one will increase as age verification laws get passed all over the world. /s
The legislators writing these laws for the most part can't be bothered to include strict privacy, security, or data deletion requirements. They're not even _trying_ to do this right (not that there _is_ a way to do age verification right, but still…).
https://techcrunch.com/2026/04/22/france-confirms-data-breach-at-government-agency-that-manages-citizens-ids/
#infosec

Google is sleeping with ICE. And they have your data. So, yeah, maybe detach from their services.

https://www.eff.org/press/releases/eff-state-ags-investigate-googles-broken-promise-users-targeted-government

#Google #ICE #Fascism #Privacy #InfoSec #OpSec

#TechIsShitDispatch
OK, so, with all the advances in computing and networking technology we've seen in recent decades, it's certainly possible, at least in theory, for it to be entirely pleasant and hassle-free to book international travel involving multiple airlines.
Let's talk about what we get instead.
#travel #Qantas #AmericanAirlines #infosec #UX (1/16)

#ai #infosec

Alt...

tweet about loveble data leak

Oh good, Claude Desktop on MacOS silently and continually whitelists browser extensions that aren't installed yet on browsers that aren't installed yet that Anthropic says it doesn't support yet.

#AI #Privacy #InfoSec
Anthropic secretly installs spyware when you install Claude Desktop — That Privacy Guy!

⋅ Les Magasins U ont été piratés : les données des clients ont été compromises

− https://www.01net.com/actualites/les-magasins-u-ont-ete-pirates-les-donnees-des-clients-ont-ete-compromises.html

#InfoSec

New.

This guy is 24-years-old. His chosen career path is cybercrime. We really should ask what is happening to that generation because there are multiple accounts of kids in their teens turning to cybercrime, not just in the UK, although that country clearly has a problem. Technically, this shouldn't qualify as "normal," non-delinquent behavior. So, in the grand social tapestry, there is a glaring black hole. Who failed?

KrebsonSecurity: ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty https://krebsonsecurity.com/2026/04/scattered-spider-member-tylerb-pleads-guilty/ @briankrebs #infosec #ransomware

https://www.tomshardware.com/tech-industry/cyber-security/vercel-breached-after-employee-grants-ai-tool-unrestricted-access-to-google-workspace

#infosec #ai

Things going great.

in my 4 decades of online life, i go where these people go:
#astronomers especially #NASA
#infosec & #hackers
#scientists especially epidemiologists, especially² #COVID19 #researchers
#lawyers
#DIY & #FLOSS
#bike riders
#musicians and #DJs cuz they’re curators by default
#photographers
#gardeners
#LGBTQIA+ esp trans folks
#disability activists
#sexWorkers
#metereology & #climate activists
#historians
#foodies

these people not only know what's newsworthy. they’re often the news.
🧵…

Dissecting Sapphire Sleet’s (Bluenoroff) macOS intrusion from lure to compromise #infosec
https://www.microsoft.com/en-us/security/blog/2026/04/16/dissecting-sapphire-sleets-macos-intrusion-from-lure-to-compromise/

Some interesting bits in there, like "invokes the legitimate macOS softwareupdate binary with an invalid parameter, an action that performs no real update but launches a trusted Apple‑signed process to reinforce the appearance of legitimacy"

⋅ « StravaLeaks » : quand les traces numériques deviennent un enjeu de sécurité

− https://theconversation.com/stravaleaks-quand-les-traces-numeriques-deviennent-un-enjeu-de-securite-279942

#Strava #Leak #InfoSec

Je viens de publier un cours intitulé "Identité et méthodes d'authentification" sous licence CC-BY : https://broken-by-design.fr/posts/cours-id-authn/

Ce cours s'adresse aux personnes de niveau M2 et aux professionnel.les débutant.es, même si les plus expérimenté.es pourraient y trouver des informations intéressantes.

Il comprend une introduction aux différents types de référentiels d'identités, avant de plonger dans l'authentification, sous des angles juridiques et techniques. Authentification multifacteur, forte, résistante au phishing, assurant de bonnes garanties de vie privée ! Authentification à l'état de l'art ! Vous pourrez en apprendre plus à ces sujets grâce à ce cours.

Et ce n'est que la première partie ! Ce mois-ci, une seconde partie sera publiée, sur le sujet de l'autorisation, avec un TP de mise en place de #Keycloak pour une authentification fédérée avec OpenID Connect! À suivre !

#oidc #webauthn #identité #authentification #saml #tls #motdepasse #password #snc #eidas #dsp2 #infosec #cours #ccby4 #phishing

⋅ L'ANTS piratée à cause d'une faille basique et 19 millions de Français en font les frais, une fois de plus !

− https://www.clubic.com/actualite-609775-l-ants-piratee-a-cause-d-une-faille-basique-et-19-millions-de-francais-en-font-les-frais-une-fois-de-plus.html

🤦‍♂️

#InfoSec #CyberSec #ANTS

i was quite surprised to discover that no one had registered deleteduser [dot] com, and was curious to see how many emails i'd get if i registered it, assuming many orgs 'delete' logic probably just overwrote the email address with blahblah@deleteduser.com or similar.

The answer, is at least 3 different orgs in the hour that I've owned that domain and been listening for email.

And yes, all of those emails contain the actual PII of the person who has been 'deleted' :-D

#infosec

Mailcow Patches Critical XSS Flaws Enabling Unauthenticated Account Takeover

Mailcow patched three XSS vulnerabilities, including a critical flaw in Autodiscover logs, that allow unauthenticated attackers to take over administrator accounts and exfiltrate sensitive emails. The flaws were fixed in version 2026-03b after researchers demonstrated how to chain them with Login CSRF to steal user data.

**If you run a self-hosted Mailcow email server, update it to version 2026-03b ASAP. These vulnerabilities could let an attacker silently take over your admin account just by sending a crafted email. After updating, also check that your server is configured to only accept the X-Real-IP header from trusted internal proxies, not from the open internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/mailcow-patches-critical-xss-flaws-enabling-unauthenticated-account-takeover-q-e-l-r-6/gD2P6Ple2L

Not a fan of Bill Mager for a variety of reasons...
And...

It seems he got this one right enough.

https://www.thewrap.com/creative-content/tv-shows/bill-maher-slams-ai-leaders-elon-musk-sam-altman-mark-zuckerberg/

#ai #bigtech #privacy #infosec

^^

⋅ It Takes 2 Minutes to Hack the EU-s New Age-Verification App

− https://www.wired.com/story/security-news-this-week-it-takes-2-minutes-to-hack-the-eus-new-age-verification-app/

#Hack #Hacking #InfoSec

This #infosec #meme dump is

https://infosec.exchange/@accidentalciso/116420809263172681

@hanno

The good thing is that if the old adage, "You don't have to be the fastest gazelle to outrun the lion, you just have to not be the slowest" is true, there are a crapton of slow gazelles out there right now.

Halfway sensible #infosec practices from 25 years ago would be fantastic today.

(That said, I never want to give anyone a false sense of security, especially when it's hard to even know what's vibecoded out there right now, let alone fully avoid it.

⋅ Europol-supported global operation targets over 75 000 users engaged in DDoS attacks

− https://www.europol.europa.eu/media-press/newsroom/news/europol-supported-global-operation-targets-over-75-000-users-engaged-in-ddos-attacks

#InfoSec

RE: https://infosec.exchange/@clueax/116420851531002484

Having recently completed a master's degree in Cybersecurity, this is incredibly accurate.

#infosec #cybersecurity

Class-action lawsuit with a free year of credit monitoring incoming in 3… 2… 1…
Alas, as an Amtrak passenger who has had my share of train trouble and therefore support tickets, my info (name, email address, physical address, support ticket details) was included in this breach. 🤦
https://haveibeenpwned.com/Breach/Amtrak
#infosec #breach #Amtrak #HaveIBeenPwned

Ha bin c'est un poil trop tard mais mieux vaut maintenant que jamais hein !

"L'utilisation d'applications et de logiciels étrangers dans le cadre professionnel constitue un risque, alerte la DGSI...
Cela concerne les messageries instantanées, les logiciels de visioconférence, le stockage de données en ligne, des outils d'intelligence artificielle, etc."

https://www.franceinfo.fr/internet/securite-sur-internet/info-franceinfo-l-utilisation-d-applications-et-de-logiciels-etrangers-dans-le-cadre-professionnel-constitue-un-risque-alerte-la-dgsi_7943810.html

#infosec #OpenSource #FLOSS

AI is going grreeaaaat...

Somebody invented a protocol for cross-application communication over the system clipboard. AKA copy and paste.

I was looking at the MaCOS telemetry and I found a weird script that was pasting AI prompts in the MacOS clipboard.

This is the 7th hell!

#infosec #aislop

I wrote up this cursed discovery with more details:

https://mike-sheward.medium.com/deleteduser-com-a-15-pii-magnet-c4396eb21061

#infosec

Indonesia will ban Wikimedia (including Wikipedia @wikipedia in 7 days if they don't register to PSE (a.k.a bow to whatever goverment said).

#Indonesia #IndonesiaNews #wikipedia #wikimedia #censorship #infosec

Alt...

Announcement: Wikimedia Project websites, including Wikipedia, will be blocked by the Ministry of Communication and Digital Affairs within 7 working days if they do not register as a Private Scope PSE in Indonesia. Previously, we have made a post regarding PSE which can be viewed below this post.

⋅ Google, Microsoft, Meta Tracking You Even if You Opt Out – New Research

− https://cybersecuritynews.com/google-microsoft-meta-tracking-even-you-opt-out/

#Google #Microsoft #Meta #InfoSec #Cybersec

WordPress sites, check your plug-ins. Stat.

https://techcrunch.com/2026/04/14/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites/

#WordPress #infosec

i was quite surprised to discover that no one had registered deleteduser [dot] com, and was curious to see how many emails i'd get if i registered it, assuming many orgs 'delete' logic probably just overwrote the email address with blahblah@deleteduser.com or similar.

The answer, is at least 3 different orgs in the hour that I've owned that domain and been listening for email.

And yes, all of those emails contain the actual PII of the person who has been 'deleted' :-D

#infosec

I have an old #Netgear #R9000 WiFi #router acting as an access point. This router is end-of-life and supposedly no longer receives firmware updates; there was a security update last September, so it isn't _too_ stale.
Because it's serving as an access point it has no public IP address, though obviously a sufficiently dedicated attacker could literally sit outside our house and talk to it over WiFi.
If you were in my shoes, what would you do with this router?
#infosec #homeInternet

#TechIsShitDispatch
I just discovered that a firmware upgrade with security patches for one of my home's WiFi routers was released by #Netgear in September 2025, but the router itself has continued to claim since then that no upgrade was available every month when I went to the firmware upgrade page on the router and told it to check.
Brillian, 10/10, no notes. 😠
#infosec

On recommence !
Les sites gouv : du gruyère…

⋅ Gros coup dur pour l'Éducation nationale, qui confirme ce mardi soir avoir été victime d'une nouvelle cyberattaque, qui expose les données d'élèves liées à ÉduConnect.

− https://www.clubic.com/actualite-608995-nouveau-piratage-au-ministere-de-l-education-nationale-les-donnees-des-eleves-volees-par-les-hackers.html

#EducationNationale #InfoSec

⋅ 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

− https://thehackernews.com/2026/04/108-malicious-chrome-extensions-steal.html

#InfoSec #Google #Chrome #Telegram

MyLovely.AI Data Breach Exposes Intimate Content and Personal Data of Users

A threat actor claims to have breached MyLovely.AI, an NSFW AI companion platform, and is auctioning a 2.1 GB database that allegedly includes user emails, social media handles, AI-generated explicit content, and roughly 113,000 private prompts, many tied to individual user IDs creating risks of doxxing, sextortion, and blackmail. The breach has been flagged as sensitive on Have I Been Pwned, and the company has not commented on the incident.

****
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/mylovely-ai-data-breach-exposes-intimate-content-and-personal-data-of-users-k-7-d-h-o/gD2P6Ple2L

Adobe Reader Zero-Day Exploited in Targeted Fingerprinting Campaign

A zero-day actively exploited vulnerability in Adobe Reader's JavaScript engine allows attackers to exfiltrate system data and potentially execute remote code via malicious PDF files.

**If you use Adobe Reader, open it right now and disable JavaScript by going to Edit > Preferences > JavaScript and uncheck "Enable Acrobat JavaScript". This blocks the exploit's main attack path. Until Adobe releases a patch, don't open any PDF files from unknown or unexpected sources, and if you must view untrusted PDFs, use a browser-based viewer like Chrome or Edge instead of Adobe Reader. Always verify the source of PDF files before opening them.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/adobe-reader-zero-day-exploited-in-targeted-fingerprinting-campaign-v-j-p-4-b/gD2P6Ple2L

hey so this is probably completely pointless but: looking for a job (NZ or fully remote willing to hire a kiwi) in SRE, security, or linux/Unix system administration. 15 years expereince administering Linux and Unix boxes, intermediate level of experience working with docker compose and containerisation and container security. No prior job experience unfortunately, all those 15 years were mostly personal projects and small-scale stuff for friends. Currently running an entire multi-machine personal cloud infrastructure with a demonstration of all the services I have running at https://status.highenergymagic.net. Entirely willing to accept entry-level job placements, no expectation of being paid a lot or anything, just want to be doing something and move the needle a little on my current "being broke" status. #fedihired #infosec #cybersecurity #linux #unix #docker #sre #DevOps

Please boost for reach, any job offers please DM me.

hey so this is probably completely pointless but: looking for a job (NZ or fully remote willing to hire a kiwi) in SRE, security, or linux/Unix system administration. 15 years expereince administering Linux and Unix boxes, intermediate level of experience working with docker compose and containerisation and container security. No prior job experience unfortunately, all those 15 years were mostly personal projects and small-scale stuff for friends. Currently running an entire multi-machine personal cloud infrastructure with a demonstration of all the services I have running at https://status.highenergymagic.net. Entirely willing to accept entry-level job placements, no expectation of being paid a lot or anything, just want to be doing something and move the needle a little on my current "being broke" status. #fedihired #infosec #cybersecurity #linux #unix #docker #sre #DevOps #GetFediHired

Please boost for reach, any job offers please DM me.

One of my first interactions with encryptions was PGP, by Philip Zimmermann

I wanted certain emails to be encrypted with a public private key pair combination

In reading Zimmermann, documentation I noticed that there could be something wrong.

Source code openness and other eyeballs were needed.

## We got that in openGPG

I've NEVER trusted closed source encryption schemes.

I sometimes also verify if the shadow that's following me is actually mine

@h3artbl33d @Rairii

#InfoSec #programming #encryption #VeraCrypt #WireGuard #WindScribe #technology #microSlop

On the lemmy wires I've read that it has happened with three specific accounts

It's a coordinated attack. Microsoft wants these programs to disappear from its ecosystems. No one has access to drives and systems which are encrypted with these programs apart from the owner.

https://lemmy.world/post/45356143

@h3artbl33d

#InfoSec #programming #encryption #VeraCrypt #WireGuard #WindScribe #technology #microSlop

RE: https://flipboard.com/@404media/404-media-qvt3vv94z/-/a-qoIXNx-4Q-i9Qb4-DwsX5A%3Aa%3A4082434389-%2F0

If you think there's any chance that law enforcement might ever be interested in the content of your Signal chats, and you don't want them to have access to them, then setting up disappearing messages is necessary but not sufficient. You also need to go into the Signal settings and either disable notifications completely or set them to show "No name or message" so the content won't be capture and preserved in the phone's notification database.
#infosec #privacy #OpSec "#antifa"

Just found this interesting APT map by the Chinese cybersecurity company Qianxin #infosec
https://ti.qianxin.com/apt/apt

Alt...

World map centred the pacific ocean that shows list of APT groups per country, some of them written in Latin characters, some of then in Chinese characters

Does this mean that you shall also stop using curl?

AFAIK Daniel doesn't care what is used to find bugs

@rl_dane

https://mastodon.social/@bagder/116373716541500315

#curl #LLM #hallucinated #slop #AI #InfoSec #programming #technology

Oh boy…
https://edition.cnn.com/2026/04/08/china/china-supercomputer-hackers-hnk-intl

> A [cyberthreat actor] has allegedly stolen a massive trove of sensitive data – including highly classified defense documents and missile schematics – from a state-run Chinese supercomputer

> The dataset, which allegedly contains more than 10 petabytes of sensitive information, is believed by experts to have been obtained from the National Supercomputing Center (NSCC) in Tianjin

🧵

#InfoSec #China #FlamingChina

⋅ E-commerce : une image SVG est utilisée pour voler les données bancaires

− https://www.it-connect.fr/e-commerce-une-image-svg-est-utilisee-pour-voler-les-donnees-bancaires/

#InfoSec #Ecommerce

hey so this is probably completely pointless but: looking for a job (NZ or fully remote willing to hire a kiwi) in SRE, security, or linux/Unix system administration. 15 years expereince administering Linux and Unix boxes, intermediate level of experience working with docker compose and containerisation and container security. No prior job experience unfortunately. Currently running an entire multi-machine personal cloud infrastructure with a demonstration of all the services I have running at https://status.highenergymagic.net. #fedihired #infosec #cybersecurity #linux #unix #docker #sre #DevOps

Please boost for reach, any job offers please DM me.

National Supercomputing Center in Tianjin Allegedly Suffers Massive 10-Petabyte Data Breach

A threat actor known as FlamingChina allegedly stole 10 petabytes of sensitive military and aerospace data from the National Supercomputing Center in Tianjin after exploiting a compromised VPN. The breach, which occurred over six months, exposed classified research from 6,000 clients, including missile schematics and defense documents.

****
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/national-supercomputing-center-in-tianjin-allegedly-suffers-massive-10-petabyte-data-breach-y-7-g-v-l/gD2P6Ple2L

#Microsoft locks account that #VeraCrypt maintainer uses to sign #Windows bootloaders with no explanation or route for appeal. If they don't fix this, in a few months every Windows computer that uses VeraCrypt whole-disk encryption will stop being able to boot and all the data on it that isn't backed up elsewhere will be lost. 🤦
If this doesn't convince you big tech has too much control, I don't know what will.
h/t @zackwhittaker
https://techcrunch.com/2026/04/08/veracrypt-encryption-software-windows-microsoft-lock-boot-issues/
#infosec #privacy #TechIsShitDispatch

A 27-year-old OpenBSD Vulnerability found in TCP SACK assessing Claude Mythos Preview’s Cybersecurity Capabilities ; other Bugs found in FFmpeg, FreeBSD NFS, Linux kernel... #OpenBSD #Infosec https://red.anthropic.com/2026/mythos-preview/

Hello, world!

We are IFIN, the Independent Federated Intelligence Network, and we want to change how threat intelligence is done.

We believe we're all safer when we share what we know. Come learn more and join us!

https://ifin-intel.org/blog/hello/

#ThreatIntel #ThreatIntelligence #Cybersecurity #Infosec

⋅ Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins

− https://www.bleepingcomputer.com/news/security/authorities-disrupt-dns-hijacks-used-to-steal-microsoft-365-logins/

#InfoSec #DNS

Hello, world!

We are IFIN, the Independent Federated Intelligence Network, and we want to change how threat intelligence is done.

We believe we're all safer when we share what we know. Come learn more and join us!

https://ifin-intel.org/blog/hello/

#ThreatIntel #ThreatIntelligence #Cybersecurity #Infosec

⋅ AI Agents and Non-Human Identities Creating Critical Security Gaps, Report

− https://hackread.com/ai-agents-non-human-identities-security-gaps/

#InfoSec

Well, of course they would try to attack gpus...

Escalating privileges...

https://www.bleepingcomputer.com/news/security/new-gpubreach-attack-enables-system-takeover-via-gpu-rowhammer/amp/

#privacy #infosec #gpu

@bagder

Just so I understand this correctly...
We don't want machine generated vulerability reports...

...so we can leave our #foss projects vulnerable to hackers who are not constrained by ideology in their sploits using #Ai ?

Yeah, that tracks with the current majority of #infosec "professionals" letting the Rome burn while they roast the marshmallows, feeling super pure and superior.

I think it says a lot about how seriously we should take any crypto firm which experiences a security breach and then chooses to publish their post-mortem… on X.com and only on X.com.
(Link is to Archive Today so as not to give clicks to X. Apparently xcancel.com doesn't properly display X "articles".)
(Yes, I know we shouldn't take _any_ crypto firm seriously, but this is particularly egregious.)
Ref: https://archive.ph/Bdoq7
#crypto #infosec #Twitter

What could go wrong?

⋅ Critical Claude Code Flaw Silently Bypasses Developer-Configured Security Rules

− https://cybersecuritynews.com/claude-code-vulnerability/

#InfoSec #CyberSec

⋅ BrowserGate: LinkedIn Tracks 6,000+ Browser Extensions on Users’ PCs

− https://hackread.com/browsergate-linkedin-track-browser-extensions-user-pc/

#Linkedin #InfoSec

Fbi reporting a data breach. Again.

https://www.newsnationnow.com/politics/fbi-data-breach-targeting-surveillance-system/amp/

#fbi #DataBreach #infosec

There used to be a time when building out a botnet required *some* work – writing exploits, taking over devices, obscuring the purpose of the executable, etc.

Not any more!

Instead of "malware", call it an "AI agent" and people will just happily install it on their devices with full root privileges!
https://github.com/jgamblin/OpenClawCVEs/

Bam! RCE by asking nicely.

🧵

#OpenClaw #AI #Hype #InfoSec

@nielsa no, that's not what I'm telling you.

I prefer to believe that most people will be thoughtful.

＂… a huge number of bugs. I have so many bugs in the Linux kernel that I can't report because I haven't validated them yet. I'm not going to make some open source developer validate bugs that I haven't checked yet. I'm not going to send them potential slop … I now have … several hundred crashes that they haven't seen because I haven't had time to check them. We need to find a way to fix this …＂

– Nicholas Carlini

#Linux #FreeBSD #security #cybersecurity #infosec #AI #LLMs

Alt...

Screenshot: a frame from https://www.youtube.com/watch?v=1sd26pWhfmg

🙄 Microsoft now force upgrades unmanaged Windows 11 24H2 PCs

"The machine learning-based intelligent rollout has expanded to all devices running Home and Pro editions of Windows 11, version 24H2 that are not managed by IT departments,"

https://www.bleepingcomputer.com/news/microsoft/microsoft-now-force-upgrades-unmanaged-windows-11-24h2-pcs/

#windows11 #microslop #infosec

Nicholas Carlini - Black-hat LLMs | [un]prompted 2026

<https://www.youtube.com/watch?v=1sd26pWhfmg> (3rd March)

― essential viewing for anyone with an interest in cybersecurity or infosec.

@dch thanks for the encouragement.

A few more links in the comment that's pinned under <https://redd.it/1sapr8a>, but Carlini's half-hour presentation is a must.

#Linux #FreeBSD #security #cybersecurity #infosec #AI #LLMs

⋅⋅⋅ "A significant volume of data (about 91.7 GB compressed) was exfiltrated from the compromised AWS account, including personal data such as names, email addresses, and email content."

⋅ European Commission cloud breach: a supply-chain compromise

− https://cert.europa.eu/blog/european-commission-cloud-breach-trivy-supply-chain

#InfoSec #CyberSec

Aqua's "Cloud Native Application Protection Platform", Trivy, got pwned:
https://www.aquasec.com/blog/trivy-supply-chain-attack-what-you-need-to-know/

…using credentials, which Aqua already knew were compromised:

> The Trivy team (…) executed credential rotation. Subsequent investigation revealed the rotation was not fully comprehensive, allowing the threat actor to retain residual access via still-valid credentials.

One of the sites compromised downstream was @EUCommission's europa.eu:
https://cert.europa.eu/blog/european-commission-cloud-breach-trivy-supply-chain

Cyberecurity theater. 🙄

#InfoSec

⋅ Hackers Compromised 700+ Next.js Hosts by Exploiting React2Shell Vulnerability

− https://cybersecuritynews.com/700-next-js-hosts-exploited/

#InfoSec #CyberSec

EDIT: @rysiek has an explanation about the shady things LinkedIn is doing. He explains it far better than I did:

https://mstdn.social/@rysiek/116337205401370428

LinkedIn/Microsoft are definitely NOT to be trusted. But I realize phrasing is important. So I’m moderating my own post. I apologize if this was misconstrued.

But I subjectively believe there is a high likelihood that LinkedIn is doing nefarious things with this data.

#BrowserGate #LinkedIn #InfoSec #OpSec #Privacy #YouAreTheProduct #Microsoft

Alt...

Emulation of the LinkedIn logo, changed to read “unauthorized.”

This is my second "holy shit" of the day.
Apparently #LinkedIn if silently collecting data on every extension you use every time you visit the site. Which it then uploads, with your identity attached to it.
This is absolutely horrifying. Literally, people should go to jail over this.
#infosec #privacy
https://browsergate.eu/

LinkedIn Is Illegally Searching Your Computer

https://browsergate.eu

#tech #technology #BigTech #IT #enshittification #microslop #microsoft #LinkedIn #social #media #SocialMedia #data #security #safety #InfoSec #internet #web

NodeJS, for all the brilliant projects out there leaning on it, has a supply chain that might as well run the length of a dark alley permanently at 2am in the club district.

https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html

Anyway, hope none of you good people are affected by this latest pox

#infosec #sysadmin

We can quit #cybersecurity and just go farm potatoes or something. After 25 years of #appsec one of the most talked-about tech companies invents a daemon process that

makes use of a file-based “memory system” designed to allow for persistent operation across user sessions.

Sure. Just store your system instructions in a random text file.

Why are we installing endpoint protection on this system?

Why do we verify cryptographic signatures on software updates to this system?

Why are we building a zero trust security environment?

Why do we do scan email to avoid social engineering emails?

Our AI-assisted users are gonna YOLO right past all that. And if they can’t get past our #security controls, this agentic Frankenstein will write itself some markdown and work quietly in the background figuring out how to bypass something the user couldn’t bypass on their own.

This is #infosec in 2026

This is alarming but not surprising:
https://www.forbes.com/sites/the-wiretap/2026/03/24/google-cookies-help-cops-identify-anonymous-users/
TLDR If you access multiple Google accounts from the same device, and the cops know about one of the accounts and ask Google the right questions, Google will tell the cops about the other accounts.
The general lesson here is one we already know: if you have any sort of account you don't want linked to you, you can't ever access it from a device or network connection you use other accounts on.
Caveat usor.
#infosec #OpSec #Google

Three observations about #Handala (#Iran hackers) getting into #KashPatel's Gmail account (ref: https://techcrunch.com/2026/03/27/iranian-hackers-claim-breach-of-fbi-director-kash-patels-personal-email-account/):
1) It is not unusual for govt employees to forward emails from govt to personal accounts, e.g., personal emails inappropriately sent to govt accounts. We would have to know what emails were forwarded to know if there was a problem. Presumably if the forwarded emails were problematic the journalists reporting on this would have reported that?
#infosec #privacy (1/3)

31 March is World Backup Day.

Consider the 3-2-1 rule: https://mastodon.online/@blueghost/112200384932181134

Website: https://www.worldbackupday.com

#WorldBackupDay #Backup #DataBackup #DataStorage #DataProtection #DataSecurity #Encryption #InfoSec #InformationSecurity #CyberSecurity #Privacy #Security #SelfHost #SelfHosting

Alt...

World Backup Day logo.

And now linux.org has been defaced. This kinda reminds me of the old defacement crews of the mid-to-late 1990's like Hackweiser and World of Hell.

#infosec

⋅ Détentions d’armes : un pirate exfiltre des données du SIA (ministère de l’Intérieur)

− https://next.ink/231423/detentions-darmes-un-pirate-exfiltre-des-donnees-du-sia-ministere-de-linterieur/

#InfoSec #CyberSec

#OverUnder 059 with @rysiek.

Today, he shares his thoughts on #GDPR, #VPN, #Telegram, #AgeVerification, and #Apple.

He also replied to @brennan's question.

He suggested two books that I'll try to get.

#bloggers #bookstodon #books #blog #fediverse #opensource #infosec #bloggers #mastodon #chatcontrol #desserts #apples #RGPD #privacy