I have a disappoint about the lack of security people that submitted to Kidzmash.

If we had questions about 'hdlkflkbjnbeacppikpggbbmniaanfkg' being malicious, we might be in the wrong business. https://infosec.exchange/@malicious_browser_bot/115250511181963234

I have found my version of :q! Existing a venv. I have to look up 'deactivate' every time. My bash history: quit quit() exit venv exit python venv exit leave terminate obliterate annihilate fuck [....long pause...] deactivate

I really need to write a blog post about setting up this AI box, Chiron. I've got Open Web UI and Concierge on it and I'm getting some tie-ins between the two. I have it loaded up with a bunch of documentation about the house and about the garden and about recipes and about everything and it's […]

What's everyone's favorite breach that wasn't malware or misconfiguration? An application security failure, like RCE or something. #threatintel

Ooh, I got prompted for a "Boost or Quote" for the first time. Not my favorite UX. Would rather have a separate button I could ignore.

That should I add from my Trends in Appsec talk? Anything really hawt that I don't know about?

Lol @"didja pull that from your stat crack?"

She certainly can be. h/t @WEATHERISHAPPENING @Gabrielle

Watching @neurovagrant on @pancakescon now

This attack isn't particularly sophisticated technically, but think of the organizational work that went into it. This is what I need clients to see when they say "who would go to all that trouble?" https://thehackernews.com/2025/09/shadowleak-zero-click-flaw-leaks-gmail.html?m=1 #ai #breach

Agreed. #cfb

So for something completely different: Lesnar or Cena?

A tip of the hat to Bruce Schneier for point out that the Atlantic Council put out another Spyware Report. https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/mythical-beasts-diving-into-the-depths-of-the-global-spyware-market/ #spyware #threatintel

I believe our security system was being hacked by a walking stick.

What does @cR0w say? Hack more AI shit or something? Well, here ya go. (Actually gonna play with this tomorrow on POINT's AI, Chiron.) https://arxiv.org/abs/2508.17155 #genai #pentest

I have never had to do more than turn on burp waf bypass to solve this, but on some sites (the drug compounding site, for instance) it would be a great tool! Some sites are SUPER picky. https://www.darknet.org.uk/2025/09/thermoptic-chrome-perfect-http-fingerprint-cloaking-for-red-team-web-ops/ […]

The JC Penny Postgame show? JC Penny still EXISTS?

@catsalad that has to be against the rules somehow. I know there are no rules.

Just wanted to see what that would do. https://infosec.exchange/@Sempf/115227007617342656

Testing please ignore.

New by me: Why are APIs so hard to scan anyway? I mean, what the heck? https://sempf.net/post/why-are-apis-hard-to-test #amwriting #redteam

Wanna get started early on the 2026 budget? Sponsor CodeMash! I can give pointers for making the most of it. Yes, it is a dev con, but there is a significant security presence, especially in appsec (obviously). https://events.codemash.org/2026CodeMashConference#/BecomeASponsor?lang=en […]

Everyday is like a week. The only benefit is that I get 2 weeks off this weekend!

Might be useful for the ever present (these days) scope creep from "yeah and take a look at our AI chat bot"! https://www.darknet.org.uk/2025/09/llamator-red-team-framework-for-testing-llm-security/ #ai #pentesttools

*A new AI-native penetration testing tool called Villager has reached nearly 11,000 downloads on the Python Package Index (PyPI) just two months after release." Well, it's new to me! https://www.infosecurity-magazine.com/news/chinese-ai-villager-pen-testing/ #china #pentestingtool

Who has two thumbs and said percussive ram attacks wouldn't go anywhere?? 👍🏻 This guy! 👎🏻 https://thehackernews.com/2025/09/phoenix-rowhammer-attack-bypasses.html #rowhammer #dram

Please don't use discord for anything important.

Looks like someone used AI to write the legal justification!

I had to look something up on Facebook and now I need to take another shower. Even the UI creeps me the fuck out now.

"Children are hacking into their schools’ computer systems – and it may set them up for a life of cyber crime." Mmm hmm, that's exactly what happend. https://securityaffairs.com/182197/cyber-crime/uk-ico-finds-students-behind-majority-of-school-data-breaches.html #breach #education

Ooooh, Veritasium went after Monsanto. I hope he has a good lawyer and personal security. I worked "with" them at OSIA and they give zero fucks. They will grind you up and use you for fertilizer and not change the look on their face.

I got a new phone not too long ago. I just installed f droid, so I can install termux. This is so I can install git, and then python, and get my menu builder app, so I can decide what I want to eat this week. Surely that gets me some geek points.

I've noticed that most everyone uses archive.is to bypass paywalls for important news articles. Is there a reason why we don't put them under the broad brim of @textfiles's top hat and use archive.org?=

I have a very hard time trusting the FBI right meow, but I have to wonder if these two gangs are the star of the story @jerry told at the start of the last defsec podcast? https://thehackernews.com/2025/09/fbi-warns-of-unc6040-and-unc6395.html #salesforce #threatintel

Important announcement: I have been notified that no, I can't fill all of the slots at CodeMash with security talks. As it turns out it is a developer con (who knew?).If I can't choose some arbitrarily small number of them, selections will be made for me by an AI trained on security posts from […]

Heckin salsa. New recipe! It's pretty good. Made it with poblano peppers tho, hope they aren't too tough.

* Rhinegeist enters the chat #nabeer

I dunno. Threat analysis is something a tightly coded SLM would do really well. https://www.darkreading.com/cyber-risk/f5-calypsoai-advanced-ai-security-capabilities #f5 #ai

Tepache.

I present, for your consideration, IETF RFC6598, which I did not know existed. https://datatracker.ietf.org/doc/html/rfc6598

Ya think? #usgov

What a fucking clown car. We are so utterly fucked. #uspol

I present, for your consideration, a Dark Reading article that contains the truthiest sentence recently: "As AI organizations all race to build the next big thing, many have consistently been overlooking and deprioritizing cybersecurity considerations." […]