Eulogy for a Beggar Driving home each day, I’d meet a young beggar. Today he wasn’t there. His friend said he passed on. Traffic flowed past where he once stood, unbothered by the person that once disturbed it. What do you say about a life you never knew; mourn it & wonder how I could have saved it?

Love web & AI security research? Want to do it full time on-site with myself, Gareth Heyes & Zak Fedotkin? Join the PortSwigger Research team - we're hiring! apply.workable.com/portswigger/...

Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health" https://arstechnica.com/security/2026/01/overrun-with-ai-slop-curl-scraps-bug-bounties-to-ensure-intact-mental-health/

GPU Code can now use Rust's standard library. Blog Post by VectorWare about the Implementation Approach and what this unlocks for GPU Programming. #Rust #GPU www.vectorware.com/blog/rust-st...

Jennings: Let's not get our knickers in a twist here McGowan: Why are you talking like that? It's insane. Your attitude is just horrifying…

If your SOC doesn’t already alert on NetNTLM with challenges of “1122334455667788” you should fix that NOW. cloud.google.com/blog/topics/...

We are excited to announce the CFP for the next tmp.0ut Volume 5! tmpout.sh/blog/vol5-cf...

We’ve crossed the rubicon where for many simple tech use cases it’s easier to vibe code exactly what you want than it is to research several existing solutions and test them.

In Portswigger's Burp I needed a way to do Match & Replace globally across all utilities, not just the proxy so I wrote an extension github.com/singe/burp_g...

This story makes the point that there’s little appetite within BRICS (or BRICS+) for it to be a security alliance. Exercise ‘Will For Peace’ is no more a BRICS exercise than IBSAMAR, the biennial naval exercise South Africa has with India & Brazil, is. www.scmp.com/week-asia/po...

Insights from Ben Affleck on AI: • AI can help write scenes but can't create full movies. • Job loss fears are overblown because adoption of new tech is slow; it's hype for startup valuations. • ChatGPT v5 is ~25% better but costs 4x. • Users actually preferred v4's sycophancy for companionship.

The number of times people have tried to kill Net-NTLMv1 eh? youtu.be/lm7Cuktpnb4?...

What are the Wi-Fi capabilities of all iPhone 17 models and Apple N1 wireless chip? I profiled all iPhone 17 models so that you don't have to. www.jiribrejcha.net/2025/11/wi-f... #WiFi7 #iPhone17 #N1 #AppleN1 #WLANPi #Profiler

Is it corruption or stupidity driving this spectacular shot to the diplomatic phallus by South Africa

I’m genuinely wondering what the end game of the current round of tech balkanisation is. The US sanctioning of ICC officials shows that separate datacentres aren’t enough like they were for privacy safe harbour. But customers mostly don’t want to pay a premium for isolated legal & technical entities

The difference between flat burr and conical burr ground espresso is surprisingly large! I honestly didn’t think it made that much difference and it was just espresso needs going deep - but even normals can taste a clear difference.

First day back to work from summer vacation and I feel guilty about how much positivity I feel in me, and the people around me. I don’t know if it’s a whole South Africa vibe - but it feels like this is the year things get better this side. Please don’t make me quote post this later with a sad face.

There is no legal justification, whatsoever, to use military force against a NATO ally like Greenland. If any military member participates in this without congressional authorization, they are following illegal orders.

Setting aside the reversal of policy and the possibly deliberate scare message, reporters need to adjust their threat models and get their operational security nailed down. The stakes are extremely high. Gift link from the marketing people. wapo.st/4pFh6lw

My favourite "this would have been a great day on Bluesky" media moment from history.

Joint statement by 4 former officials in Democratic and Republican Administrations—including four NATO Ambassadors, 3 Assistant Secretaries of State for Europe, and 3 NSC Senior Directors. Excellent opening in particular.

I endorse everything in this post. I’m also processing the fact that programming has permanently changed, but denying or “opposing“ it is not going to make the best of it.

In case you’re wondering whether the pro-ICE reactions to Renee Nicole Good’s murder are natural, here’s a comment that was just left on my video. My video about anti-transgender bias at the BBC. I haven’t made a video about Good yet. youtu.be/pWm3dK8tPto

“I have asked the clergy of the diocese to make sure their affairs are in order and they have written their wills.,not the time for statements. It is time to put our bodies between the powers of this world and the most vulnerable”. Rob Hirschfeld, Bishop of the Episcopal Diocese of New Hampshire

GERMAN PRESIDENT STEINMEIER: “.. the United States has broken with the values that it helped to establish .. “.. we have now moved beyond the stage where we can lament the lack of respect for international law or the erosion of the international order; we are far beyond that, I believe.”

New: we've obtained material explaining how an ICE surveillance system, called Webloc, works. Draw shape on a map, see all phones available there, follow them home. All without warrant “This is a very dangerous tool in the hands of an out-of-control agency.” www.404media.co/inside-ices-...

The same Republican state legislatures that passed age verification laws for porn are silent on Grok creating and publishing CSAM. It was never about the children.

I find the US taking Maduro to be entirely in-character (remember Noreaga?). The weird part is having just pardoned Hernandez after he did the same thing.

Anna’s Archive is an incredible project aimed at preserving humanity’s knowledge and culture Their latest exploit is a near-full backup of Spotify. It includes 86 million songs, representing around 99.6% of listens 🎶 annas-archive.org/blog/backing...

Happy 0x7ea Nerds!

The European Space Agency (ESA) has reported a security incident involving the potential breach of external servers, with cybercriminals claiming to have stolen over 200 GB of data. This includes confidential documents, source code, and access tokens, allegedly obtained between December 18 - 25.

At the gpg.fail talk and omg #39c3 You can just put a \0 in the Hash: header and then newlines and inject text in a cleartext message. Won’t even blame PGP here. C is unsafe at any speed. gpg has not fixed it yet.

I'm not 💯 on what the CVE was issued for in the end. The ActiveX bypass is still present (along with ProtectedView bypass), the fix was to disable the functionality in Outlook. It is why APT34 and APT33 were able to continue using it by re-enabling the functionality: cloud.google.com/blog/topics/...

Really big age release coming tomorrow! 🎅🏻 - native post-quantum keys - built-in recipients for hw plugins - age-inspect tool - plugin framework - batchpass plugin - many improved error messages

We (Orange Cyberdefense) became a CVE CNA & in prep for that collected the various vulns we had reported over the years that had corresponding public information. 108 of them! It’s mostly a vanity list but will be where we publish new vulns in future. advisories.orangecyberdefense.com/advisories

💻 How far can we push small language models? This summer, our Project t0 team showed that small, open-weight language models can achieve near-frontier reasoning performance when applied to focused, domain-specific tasks. http://bit.ly/4fu00E1

Barbra Streisand Wooo, wooo, wooo-ooh, wooo, wooo, wooo-ooh Wooo, wooo, wooo-ooh, wooo, wooo, wooo Barbra Streisand I never watch 60 minutes but I watched that one about CECOT wooo Barbra Streisand

THC Release 💥: The world’s largest IP<>Domain database: ip.thc.org All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free. Updated monthly. Try: curl ip.thc.org/1.1.1.1 Raw data (187GB): ip.thc.org/docs/bulk-da... (The fine work of messede 👌)

This function takes a tenant ID and queries the public accounts.accesscontrol.windows.net metadata (returns all domains associated with that Office 365 tenant)🕵️‍♂️ github.com/gscales/Powe... #infosec #cybersecurity #redteam #osint #cloud

This is super good news: Docker Hardened Images are now available for free for all devs. These can form a much more secure baseline of your containerized apps.

I just realized if you set your iPhone to be used by an underage user you can override app advertising that you can’t override as an adult iPhone user. That seems useful, has anyone done this? Any issues to consider? #iphone #privacy

Assassination plots, sabotage, cyber-attacks and the manipulation of information by Russia and other hostile states mean that “the frontline is everywhere”, the new head of MI6 will warn on Monday. www.theguardian.com/uk-news/2025...

THC Release: 🎄Smallest SSHD backdoor🎄 - Does not add any new file - Survives apt-update - Does not use PAM or authorized_keys Just SSHD trickery....adds one line only. More at thc.org/tips 👌

And, AGAIN -- Another good opportunity to remind you of Deth Veggie's First Law of the Internet: LIE TO EVERY SITE ABOUT ABSOLUTELY EVERYTHING YOU CAN. Fake names, fake birthdays, fake pets' names, and maiden names, and first streets, and schools and... everything you can.

My BSides Cape Town 2025 wrap-up is finally out, you can read about it all here www.linkedin.com/pulse/bsides.... Please share with your friends and help spread the word! #bsidescapetown2025 #bsidescapetown #hackers #rubberducks

Two blog posts just dropped - one with the details on the bloatware pwning shenanigans I was up to earlier in the year, and another on pipetap, a new Windows named pipe proxy/tool. sensepost.com/blog/2025/pw... sensepost.com/blog/2025/pi...

It’s almost time for my @BSidesCapeTown talk, and I’ve just open sourced pipetap. My Windows named pipe proxy & multi-tool. Excited to see what you do with it! github.com/sensepost/pi...

lolwifi.network really does point out the elephant in the cyber room. It’s not about WiFi it’s about security professionals understanding risk assessment.