Joseph
@eflags.bsky.social
đ¤ 222
đĽ 890
đ 40
Forensic Analyst, Reverse Engineer. Opinions mine
reposted by
Joseph
Electronic Frontier Foundation
about 1 month ago
Applying for a government job shouldn't trigger a nationwide location tracking search. Yet EFF identified multiple law enforcement agencies in Missouri, Texas, Mississippi, and Illinois using Flock ALPR networks to run background checks.
www.eff.org/deeplinks/2...
loading . . .
More License Plate Reader Mission Creep: School Residency
An EFF analysis of millions of searches of Flock Safety automated license plate reader (ALPR) data by police has uncovered a troubling pattern: in the absence of a warrant requirement to search ALPR
https://www.eff.org/deeplinks/2026/05/more-license-plate-reader-mission-creep-school-residency-verification-background
1
119
39
reposted by
Joseph
Patrick Chovanec
about 1 month ago
A President ordering the Justice Department to criminally investigate a woman who won a sexual assault lawsuit against him makes Watergate look like an unpaid parking ticket.
209
14347
3973
reposted by
Joseph
Giovanni Colantonio
about 1 month ago
look. is everything more expensive now? yes. but you have to look on the bright side too. now every time you open a computer, it doesn't work
44
7744
1875
reposted by
Joseph
Eliot Higgins
about 1 month ago
In addition, literal stacks of M4000 chemical bombs, used by the Assad regime to drop sarin on civilians in 3 recorded incidents, were found and photographed. Yet more evidence everything we published at Bellingcat based on our open source investigations of chemical attacks was accurate.
add a skeleton here at some point
19
2144
726
reposted by
Joseph
Catalin Cimpanu
about 1 month ago
Google Cloud found a zero-day in KnowledgeDeliver, an LMS popular in Japan This was being exploited to take over servers and then show a fake security alert and infect site visitors with other malware
cloud.google.com/blog/topics/...
0
8
5
reposted by
Joseph
Lorenzo Franceschi-Bicchierai
about 1 month ago
Here is a look at all the special security features that Apple, Google, and WhatsApp offer to protect you from spyware all in one place. We looked at what these features do, and how to turn them on. We highly recommend them for anyone who's worried about government spyware.
loading . . .
These special phone and app features can help protect you from spyware | TechCrunch
Apple, Meta, and Google offer special security modes that provide your devices more secure against targeted spyware attacks. Here are how those modes work, what they do, and how to switch them on.
https://techcrunch.com/2026/05/23/you-dont-have-to-click-anything-to-get-hacked-anymore-heres-how-to-fight-back/
1
19
14
reposted by
Joseph
Catalin Cimpanu
about 2 months ago
Microsoft has banned Nightmare Eclipse from GitHub:
github.com/Nightmare-Ec...
This is the researcher who disclosed several zero-days after Microsoft also deleted his MSRC account They now moved on GitLab:
deadeclipse666.blogspot.com
8
205
65
reposted by
Joseph
Socket
about 2 months ago
Attackers took over the art-template npm package and used it to deliver a Coruna-like iOS Safari exploit framework. Socket Threat Research breaks down the package takeover, device fingerprinting, and exploit delivery chain:
socket.dev/blog/coruna-...
loading . . .
Coruna Respawned: Compromised art-template npm Package Leads...
Compromised npm package art-template delivered a Coruna-like iOS Safari exploit framework through a watering-hole attack.
https://socket.dev/blog/coruna-respawned-compromised-art-template-npm-package
0
4
1
reposted by
Joseph
Andy Greenberg
about 2 months ago
Mohammad Muzahir, aka Red Bull, the scam compound whistleblower and human trafficking victim whose incredible bravery made possible the story below, now has a GoFundMe:
www.gofundme.com/f/support-wh...
I'm in touch with the creator, who is legit. Grateful to her and to anyone who can donate.
add a skeleton here at some point
0
43
27
reposted by
Joseph
Socket
about 2 months ago
84 TanStack npm package artifacts were compromised in the ongoing Mini Shai-Hulud supply chain attack, adding suspected CI credential-stealing malware. Socket flagged every malicious version within six minutes of publication. Details:
socket.dev/blog/tanstac...
loading . . .
Tanstack npm Packages Compromised in Ongoing Mini Shai-Hulud...
Socket detected 84 compromised TanStack npm packages modified with suspected CI credential-stealing malware.
https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack
5
67
45
reposted by
Joseph
Signal
about 2 months ago
To help protect Signal users from phishing and social engineering attacks, weâve introduced additional confirmations and educational messaging in the app to help people better detect fraudulent profiles, especially message requests from scammers posing as Signal. More changes are on the way.
8
348
83
reposted by
Joseph
George Wallace
2 months ago
124
8832
1656
reposted by
Joseph
Rep. Joe Neguse
2 months ago
My resolution proposing a constitutional amendment to overturn the Supreme Courtâs Citizens United decision now has 79 co-sponsors. You can view the full list at:
www.congress.gov/bill/119th-c...
. Iâll keep fighting to get it across the finish line!
loading . . .
631
16866
5102
reposted by
Joseph
midudev ¡ Miguel Ăngel DurĂĄn
2 months ago
Yo usando Claude Code con Opus 4.7 para mover el margen de un div 2px.
loading . . .
57
635
116
reposted by
Joseph
Socket
2 months ago
đ¨ BREAKING: Mini Shai-Hulud has spread to Packagist. We detected a malicious intercom/
[email protected]
package artifact tied to this campaign. This is the third supply chain attack we've reported on today, and we're continuing to monitor the campaign:
socket.dev/blog/mini-sh...
loading . . .
Mini Shai-Hulud Spreads to Packagist: Malicious Intercom PHP...
Socket found a malicious Intercom PHP package on Packagist using Composer plugin execution to steal credentials and spread across ecosystems.
https://socket.dev/blog/mini-shai-hulud-packagist-malicious-intercom-php-package-compromise
0
3
3
reposted by
Joseph
Tim Blazytko
2 months ago
The recording of my second Binary Cartography webinar is public: Agentic Malware Analysis: From Task Automation to Deep Analysis Topics: string decryption, API hashing, unpacking & pipeline building Recording:
youtu.be/azej1P17w9E
Slides & samples:
github.com/mrphrazer/bi...
loading . . .
Agentic Malware Analysis: From Task Automation to Deep Analysis
YouTube video by Tim Blazytko
https://youtu.be/azej1P17w9E
0
3
1
reposted by
Joseph
Jameel Jaffer
3 months ago
This wild document is the basis for the State Department's decision to cancel the visas and green cards of tech researchers who study the social media platforms and of tech regulators who enforce privacy and transparency laws. Disclosed to us last night in
@thecoalition.bsky.social
v. Rubio.
55
2560
1072
reposted by
Joseph
Don Moynihan
3 months ago
fuuuuuuck
add a skeleton here at some point
119
3611
1511
reposted by
Joseph
shauna
3 months ago
iâve worked in tech more than 20 years. it has never been more ridiculous.
101
16774
3677
reposted by
Joseph
makena kelly
3 months ago
SCOOP: Palantir's 22-point manifesto is alarming even its own employeesâbut it's just the latest move by leadership that's incensed workers. More on the internal dissent growing inside the company:
wired.com/story/palantir-employees-are-starting-to-wonder-if-theyre-the-bad-guys/
loading . . .
Palantir Employees Are Starting to Wonder if They're the Bad Guys
Interviews with current and former Palantir employees, along with internal Slack messages obtained by WIRED, suggest a workforce in turmoil.
https://www.wired.com/story/palantir-employees-are-starting-to-wonder-if-theyre-the-bad-guys/
70
1410
619
reposted by
Joseph
ProPublica
3 months ago
When DOGE arrived at the Nuclear Regulatory Commission, the operatives had no real background in nuclear issues. They boxed out experienced hands, forcing resignations and massive exodus of talent. Over 400 people have since left or been forced out. Our full story:
https://propub.li/3OBQMwk
57
2333
1249
reposted by
Joseph
Signal
3 months ago
We are very happy that today Apple issued a patch and a security advisory. This comes following 404 Media reporting that the FBI accessed Signal message notification content via iOS despite the app being deleted.
11
1799
500
reposted by
Joseph
Signal
3 months ago
Appleâs advisory confirmed that the bugs that allowed this to happen have been fixed in the latest iOS release. You can read more here:
support.apple.com/en-us/127002
loading . . .
About the security content of iOS 26.4.2 and iPadOS 26.4.2 - Apple Support
This document describes the security content of iOS 26.4.2 and iPadOS 26.4.2.
https://support.apple.com/en-us/127002
1
232
26
More ransomware and commodity malware blogs! Screw the reusable APT tooling
add a skeleton here at some point
3 months ago
1
1
0
The APT researchers yearn to provide shareholder value
add a skeleton here at some point
3 months ago
0
0
0
reposted by
Joseph
Socket
3 months ago
đ¨ Breaking: Namastex Labs, the team behind Automagik[.]dev, hit with a supply chain attack affecting its npm packages. The malicious versions replicate TeamPCP-style Canister Worm tradecraft, including secret theft, exfiltration, and self-propagation.
socket.dev/blog/namaste...
loading . . .
Namastex.ai npm Packages Hit with TeamPCP-Style CanisterWorm...
Malicious Namastex.ai npm packages appear to replicate TeamPCP-style Canister Worm tradecraft, including exfiltration and self-propagation.
https://socket.dev/blog/namastex-npm-packages-compromised-canisterworm
1
9
6
reposted by
Joseph
Socket
3 months ago
We published technical analysis of the Checkmarx compromise, including how malicious extensions silently fetched a second-stage payload from Checkmarxâs own GitHub repo. Our analysis also shows the malware stole developer credentials and used them for exfiltration and propagation.
add a skeleton here at some point
0
1
2
reposted by
Joseph
TechCrunch
3 months ago
Objection, a Thiel-backed startup, aims to use AI to judge journalism, letting users pay to challenge stories. Critics warn it could chill whistleblowers and reshape how media accountability works.
loading . . .
Exclusive: Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers
Objection, a Thiel-backed startup, aims to use AI to judge journalism, letting users pay to challenge stories. Critics warn it could chill whistleblowers and reshape how media accountability works.
https://techcrunch.com/2026/04/15/can-ai-judge-journalism-a-thiel-backed-startup-says-yes-even-if-it-risks-chilling-whistleblowers/
6
26
24
reposted by
Joseph
Nick Dearden
3 months ago
âIf you criticise Palantirâs platform one more time, you are going to lose your job.â Solidarity to all NHS workers opposing this toxic corporation. Shame on those bullying them. But they wonât stop us. Weâre going to ditch Palantir.
www.ft.com/content/ff70...
loading . . .
Senior NHS officials warned staff over criticising rollout of Palantir platform
Ethical objections and uneven adoption have made the tech groupâs contract a divisive issue within English health service
https://www.ft.com/content/ff701533-aa19-4ab0-80ff-70c9420f37d9?syn-25a6b1a6=1
245
10538
3768
reposted by
Joseph
Joseph Cox
3 months ago
This is a great interview about how we ended up with the internet being hell, and how that results in today's politics, including the role journalists have played. Watch, subscribe here:
www.youtube.com/watch?v=gp_n...
loading . . .
3
105
37
reposted by
Joseph
9to5Mac
3 months ago
OpenAI says to update Mac apps including ChatGPT and Codex as security precaution
loading . . .
OpenAI says to update Mac apps including ChatGPT and Codex as security precaution
OpenAI is asking users of its Mac software to update to the latest releases from today âout of an abundance of caution.â This is due to a security issue with a third-party developer tool, Axios, that was used by OpenAI. moreâŚ
https://9to5mac.com/2026/04/10/openai-says-to-update-mac-apps-including-chatgpt-and-codex-as-security-precaution/?utm_source=dlvr.it&utm_medium=bluesky
0
8
1
reposted by
Joseph
David Buchanan
3 months ago
when disassembling a complex device, at some point you reach the Swift threshold. this thing is never, ever, ever, going back together.
6
154
17
reposted by
Joseph
Albert Pinto
3 months ago
Absolutely remarkable statement from Pope Leo today. One for the history books
www.theguardian.com/world/2026/a...
298
14614
4306
reposted by
Joseph
Rebekah Valentine
3 months ago
Good morning! I highly recommend anyone who thinks they might possibly interested to apply for my job at IGN. It is a fantastic (UNION!!!!!) job working with the absolute best people. I have loved it with all my heart. You will too.
www.ziffdavis.com/careers/jobs...
loading . . .
Search Jobs - Ziff Davis
We hire only the best and brightest because we know it takes great people to make a great company. We embrace the power of collaboration, have an entrepreneurial spirit and promote a work environment ...
https://www.ziffdavis.com/careers/jobs?p=job%2FojZXzfwy
55
944
240
reposted by
Joseph
ProPublica Guild
3 months ago
Weâre on strike today! Support our fight for a fair contract by NOT visiting the
@propublica.org
website or engaging with ProPublica stories today. Tell ProPublicaâs management you wonât cross the picket line:
actionnetwork.org/petitions/te...
64
4931
3112
reposted by
Joseph
Mehdi Hasan
3 months ago
Just wanted to remind folks, especially the GOP and the FDD, that Barack Obamaâs 2015 nuclear deal didnât give Iran control of the Strait of Hormuz or allow it to keep 60% enriched uranium. It sent $1.7 billion to Iran versus the tens of billions Iran will now make from tolls. đ¤ˇđ˝ââď¸
805
20960
7023
reposted by
Joseph
Thomas Lecaque
3 months ago
"History will judge-" let me stop you right fucking there, history doesn't do fucking shit, I'm a historian, let's be clear here: elected officials need to do their fucking jobs, right now, before it happens, or future historians will judge THEM. Everyone knows and knew who Trump was.
80
10007
3065
reposted by
Joseph
Eliot Higgins
3 months ago
Just in time for Trump's scheduled war crimes, Bellingcat has updated our tool for identifying damaged buildings and structures in satellite imagery, ideally for investigating atrocities in Iran. Full details here:
www.bellingcat.com/resources/20...
loading . . .
When Satellite Imagery Goes Dark: New Tool Shows Damage in Iran and the Gulf - bellingcat
Bellingcat is introducing an updated damage assessment tool â called the Iran Conflict Damage Proxy Map â focused on destruction in Iran and the Gulf .
https://www.bellingcat.com/resources/2026/04/07/tool-damage-assessment-destruction-sentinel-satellite-imagery-iran-us-gulf/
8
644
288
reposted by
Joseph
magic
3 months ago
Just as a reminder:
add a skeleton here at some point
20
1113
794
reposted by
Joseph
vx-underground (automated mirror)
3 months ago
Around 2 hours ago (01:22EST) it appears ILSpy WordPress domain was compromised to deliver malware. Someone caught it on video. ILSpy WordPress domain (as of this writing) is currently returning 502. Attempting to download ILSpy, instead of directing to GitHub, redirected to a domain
1
11
3
reposted by
Joseph
404 Media
9 months ago
BREAKING: Apple removed an app for preserving TikToks, Instagram reels, news reports, and videos documenting abuses by ICE đ
www.404media.co/apple-banned...
loading . . .
Apple Banned an App That Simply Archived Videos of ICE Abuses
Eyes Up's purpose is to "preserve evidence until it can be used in court." But it has been swept up in Apple's crackdown on ICE-spotting apps.
https://www.404media.co/apple-banned-an-app-that-simply-archived-videos-of-ice-abuses/
56
904
655
reposted by
Joseph
Joseph Cox
9 months ago
New: Apple banned an app that simply archived videos of ICE abuses. Rather than other apps that record ICE official's real-time location, Eyes Up is to "preserve evidence until it can be used in court." Videos from TikTok etc. Every submission manually reviewed
www.404media.co/apple-banned...
loading . . .
Apple Banned an App That Simply Archived Videos of ICE Abuses
Eyes Up's purpose is to "preserve evidence until it can be used in court." But it has been swept up in Apple's crackdown on ICE-spotting apps.
https://www.404media.co/apple-banned-an-app-that-simply-archived-videos-of-ice-abuses/
52
1298
715
reposted by
Joseph
Joseph Cox
9 months ago
New from 404 Media: Apple just removed ICEBlock, the app for reporting sightings of ICE, from its App Store after DOJ pressure. ICEBlock's developer tells me "we are determined to fight this." "Capitulating to an authoritarian regime is never the right move."
www.404media.co/iceblock-own...
loading . . .
ICEBlock Owner After Apple Removes App: âWe Are Determined to Fight Thisâ
Apple removed ICEBlock reportedly after direct pressure from Department of Justice officials. âI am incredibly disappointed by Apple's actions today. Capitulating to an authoritarian regime is never t...
https://www.404media.co/iceblock-owner-after-apple-removes-app-we-are-determined-to-fight-this/
61
1280
610
reposted by
Joseph
404 Media
9 months ago
ICEBlock Owner After Apple Removes App: âWe Are Determined to Fight Thisâ đ
www.404media.co/iceblock-own...
loading . . .
ICEBlock Owner After Apple Removes App: âWe Are Determined to Fight Thisâ
Apple removed ICEBlock reportedly after direct pressure from Department of Justice officials. âI am incredibly disappointed by Apple's actions today. Capitulating to an authoritarian regime is never t...
https://www.404media.co/iceblock-owner-after-apple-removes-app-we-are-determined-to-fight-this/
24
433
148
reposted by
Joseph
Greg Otto
10 months ago
đ¨đ¨đ¨ Google released a report on "Brickstorm" this morning â a next-level, suspected China-linked campaign targeting U.S. firms. Ultra-stealthy, 400+ day dwell times, focus on stealing IP, finding zero-days, and focused on long-term cyberespionage.
cyberscoop.com/chinese-cybe...
loading . . .
Brickstorm malware powering ânext-levelâ Chinese cyberespionage campaign
Mandiant and Google have identified âBrickstorm,â a sophisticated, suspected China-linked hacking campaign targeting U.S. tech firms, legal organizations, and BPOs. The operation often goes undetected...
https://cyberscoop.com/chinese-cyberespionage-campaign-brickstorm-mandiant-google/
8
66
47
reposted by
Joseph
Patrick De Klotz
10 months ago
Holy shit
120
3463
1520
reposted by
Joseph
Ann Marie Awad
10 months ago
if youâre canceling your Disney and worried about what your kids will watchâŚmight i suggest supporting your local PBS station, which gets you streaming access to all their content via PBS passport
59
2136
578
reposted by
Joseph
Joseph Cox
10 months ago
New: 404 Media is suing ICE. We have filed a lawsuit demanding ICE release its $2 million contract with Paragon, a company that makes powerful spyware to break into phones and read encrypted messages. This is expensive for a small outlet but this info is important
www.404media.co/were-suing-i...
loading . . .
Weâre Suing ICE for Its $2 Million Spyware Contract
404 Media has filed a lawsuit against ICE for access to its contract with Paragon, a company that sells powerful spyware for breaking into phones and accessing encrypted messaging apps.
https://www.404media.co/were-suing-ice-for-its-2-million-spyware-contract/
70
6732
2402
Excited to speak at FTSCon next month!
add a skeleton here at some point
10 months ago
0
3
2
reposted by
Joseph
Volatility
10 months ago
#FTSCon
Speaker Spotlight: Joseph Edwards (
@eflags.bsky.social
) is presenting âThe Forensics of Zoom's Remote Controlâ in the HUNTER track. See the full list of speakers + event info, including how to register, here:
volatilityfoundation.org/from-the-sou...
0
1
5
Load more
feeds!
log in