copy.fail THANKS, I HATE IT.

I’m reminded of the disconnect between typical vuln scan/pentest XSS findings and real world exploitation by this write up of Russian exploitation of webmail apps ctrlaltintel.com/threat researc… How do you demonstrate XSS impact beyond the classic alert dialog or cookie stealer?

Periodic reminder - there’s no easy way to clear tracking cookies and other cruft from iOS apps. But you can do it across all of them with one easy shortcut! It won’t log you out of the app just get rid of the cruft from the in-app browser. prefs:root=SAFARI&path=CLEAR_HISTORY_AND_DATA

UK gov’s review of Mythos shows it completing challenge of approx 20hrs human expert time & 32 steps 3/10 times using 100M tokens. www.aisi.gov.uk/blog/our-evalu… Opus 4.6 did 28/32 steps max & 100M tokens is approx $900. More for Mythos when/if released.

BloodHound isn’t just AD anymore. With OpenGraph, it extends into GitHub, Jamf, and more. But most training hasn’t caught up. If you maintain coursework, @mrmurky.bsky.social shares what you should update: ghst.ly/4dzYnFL

Orgs aiming to implement a Mythos-ready security program when they have a flat network with default creds everywhere and ransomware actors casually logged in.

🧵 Thread of European leaders reacting to Péter Magyar's victory and Viktor Orbán's defeat. Ursula von der Leyen: "Hungary has chosen Europe. Europe has always chosen Hungary. A country reclaims its European path. The Union grows stronger."

Companies should be required by law to completely open devices when they end support for them www.theguardian.com/technology/2...

This thread is :chefs kiss:

Can attest, they’re super nice about it if you ask.

Yeah Project Glasswing seems cool and all but when you're screaming from the rooftops about "OUR AI IS SO POWERFUL WE CANT RELEASE IT BECAUSE THE RISKS ARE TOO GREAT" then what you're really doing is product marketing.

100% this. I also don't think they can afford to release it to subscribers on Max plans without tiny limits which would upset the user base. They also want to avoid distillation by the Chinese AI labs.

What if Mythos is being overhyped so that Anthropic can develop a higher margin enterprise model instead of the high volume low margin one they’ve pursued until now? This is not to say we can disregard the claim - but let’s wait and see where the truth lies.

There is no easy 'just do' in response to the surfacing of latent vulnerability in technology. Vendors must make the investment to address, test and then release. Customers then need to patch. There is no magic - just a sequence of events which now need to take place..

FBI IC3 report is out for 2025. Reports from ZA went up by 42% (1075-1532). Small compared to the 1m they received in total. Reported losses since 2022 have doubled from $10 to $20 billion. $1.6b of that is from outside the US (complaints from over 200 countries) www.ic3.gov/AnnualReport/R…

Monthly reminder: Many people have a book in them, but it takes a special kind of freak to leave the Land of Laziness, cross the Plains of Procrastination and Insecurity Mountain, find the Blade of No One Made You Do This, and use it to cut your chest open and yank that book out.

I watched LLMs write full exploit chains years ago. The amazement fades once you hit context limits and have to steer the model through every hard corner. The industry is full of people who just got here and are still in the amazement phase. That's the gap worth watching.

Totally worth reading.

No really, I am not kidding when I say that the data broker industry must be destroyed: www.npr.org/2026/03/25/n...

I’ve been fighting a losing battle in my home and the time has come to admit defeat. We’ll be getting a dog. Most likely an Alsatian - I know nothing about dog ownership. Internet - I’m looking for all the advice you care to give!

This whole concept in LOTR is one of my favourite parts of the whole book. “Evil fucks up because evil people fundamentally cannot imagine that others are not motivated by the same things as them” is another theme that feels relevant right now

@infosecjen.bsky.social Jen! 👀

𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗳𝗼𝗿 𝗔𝗜 𝗶𝘀 𝗰𝗿𝗲𝗮𝘁𝗶𝗻𝗴 𝗮𝗻 𝗲𝘅𝗽𝗲𝗿𝘁𝗶𝘀𝗲 𝗽𝗮𝗿𝗮𝗱𝗼𝘅 - blog.451alliance.com/security-for...

The data broker industry must be destroyed: www.theverge.com/news/897145/...

-EU finally imposes more cyber sanctions -US-Israeli strikes killed Iranian cyber chief -UK fixes major bug in Companies House portal -Celebrity phisher continued phishing while in detention -Digg shuts down after bot attack Newsletter: news.risky.biz/risky-bullet... Podcast: risky.biz/RBNEWS539/

Giving up drinking years ago meant giving up a love for peaty whisky, but I just discovered Lapsang Souchong tea totally hits the same spot.

As a break from doomscrolling the Middle East, news that the EU may join the CPTPP and Mark Carney’s middle powers vision may be coming true is buoying youtu.be/t4vNi8dxeyQ

We must never again allow ourselves to dehumanise each other.

Spread the word! @phrack.org CFP with demoscene cracktro is live. Turn up the volume and enjoy the awesome stylings of @PiotrBania with some hopefully inspiring text from phrack staff :) phrack.org

its always ❯ whoami but never ❯ howami

Logistics is woke. Supply is woke. End-state planning is woke. Force protection? Believe it or not, woke

Time to exploit reducing? Zero day clock? Pepperidge farm remembers the early 2000’s.

I’ve been generating AI music for myself and family using the local ACE-step generator … and they’re surprisingly good. I’ve had my trance playlist on repeat for a week now. I’m obviously not distributing them, but I’d highly recommend trying it out. Hyper contextual lyrics from a good LLM help too.

RIP FX - You are a legend

I AI generated this punk song a week ago. Kind of saw it coming. Wish we could move on from rhyming the death and misery.

A little late to the party, but Johnny's video makes very accessible the parallels of history in this current moment and what experts want to convey. Good for friends on the fence. www.youtube.com/watch?v=GV8K...

Was re-watching BSG: "There's a reason you separate military and the police. One fights the enemies of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people." - Cmdr Adama

Is your fancy new keyboard betraying you? Chen et al. propose DualStrike, a hardware attack on commodity Hall-effect keyboards. Using electromagnetic emissions, it perfectly eavesdrops on your typing and can even invisibly inject malicious keystrokes.

Over the years I’ve always used some app to prevent my Mac from locking during long running tasks like password cracking sessions or more recently agentic workflows. But they’re poorly maintained or over complicated. So I made my own. NoLock does what it says on the tin github.com/singe/NoLock

I'm impressed by how light weight the Apple on-device Foundation LLM is for Apple Intelligence, so I vibe'd a small macOS tool (26.0+) to interact with them. It supports GUI and CLI and tool calling. Even big responses fail to move the CPU/GPU by a single percentage. Link below.

I'm impressed by how light weight the Apple on-device Foundation LLM is for Apple Intelligence, so I vibe'd a small macOS tool (26.0+) to interact with them. It supports GUI and CLI and tool calling. Even big responses fail to move the CPU/GPU by a single percentage. Link below.

Yevgeny Prigozhin's influence operations have now been taken over by Russia's foreign intelligence service, the SVR, under a new company called StratConsult alleyesonwagner.org/2026/02/14/a... forbiddenstories.org/propaganda-m... istories.media/stories/2026... dossier.center/africa-polit...

Europe and the UK should come closer together – on security, on economy or on defending our democracies. Ten years on from Brexit, our futures are as bound as ever. So, it is in our common interest to be ambitious about our partnership.

It isn’t weird to me how many of the best and most successful people I’ve met have this one weird trick in common.

"Fight against being ass" is a message that more people need to receive, tbh

An Orange Cyberdefense report concludes that hacktivism has evolved from a form of digital protest into the realm of hybrid warfare www.orangecyberdefense.com/global/blog/...

I have no problem with virtue signaling. Hate has been given a megaphone and they have no problem amplifying those voices. There should be no shame in amplifying ours.

Interesting research in HBR today about how the productivity boost you can get from AI tools can lead to burnout or general metal exhaustion, something I've noticed in my own work simonwillison.net/2026/Feb/9/a...

Hate-filled fake videos about London are everywhere. We've obtained a recording of a TikToker confessing to secretly filming Londoners in their homes for clicks. He says it's not political. He just wants to make money from far-right anger. Read what he says: www.londoncentric.media/p/london-tik...

Sir Ian McKellen performing a monologue from Shakespeare’s Sir Thomas More on the Stephen Colbert show. Never have I heard this monologue performed with such a keen sense of prescience. Nor have I ever been in this exact historical moment.TY Sir Ian, for reaching us once again. #Pinks #ProudBlue