This paper represents a small but deeply impressive and genuinely important achievement by the much maligned British state in what is probably the most important global issue of our era. Hear me out ( 🧵) 1/ www.aisi.gov.uk/blog/our-eva...

Remember when Trump threatened to wipe out a whole civilization? And then backed out of that and talked about forming a deal with Iran? And then dropped that and went to a UFC fight as negotiations fell apart? And then unveiled a triumphal arch and a photo of himself as Jesus? That was this week.

Man Who Threw Molotov Cocktail At Sam Altman’s Home Claims He Was Following ChatGPT Recipe For Risotto https://theonion.com/man-who-threw-molotov-cocktail-at-sam-altmans-home-claims-he-was-following-chatgpt-recipe-for-risotto/

I *hate* the job title "Ethical Hacker". Why should it be ethical to report a vulnerability? Why should a specific job title be ethical? Ofc, there are scenarios where this is an ethical choice, but I also see many scenarios where *not* reporting a vulnerability is *the* ethical choice.

The FBI announced it took down the "full-service cybercrime platform" W3LL, which allowed cybercriminals to purchase a phishing kit to create fake login pages. W3LL “facilitated the sale of more than 25,000 compromised accounts,” over the years according to the FBI.

Your Kindle's not obsolete, it just needs a jailbreak — and I'll show you how it's done You can transform your old Kindle — even a bricked device — into the ultimate open-source reader. Here's how. www.zdnet.com/article/your...

133 of 199 seats are needed for a supermajority that will let them dismantle Orbán's system. Tisza has 138 with 72% of the votes counted. And going up. vtr.valasztas.hu/ogy2026

Microsoft published a report on device code phishing.... after other security firms spotted first these massive campaigns against its infrastructure Le sigh... www.microsoft.com/en-us/securi...

Except we’ve spent $50 billion, the Strait is closed and 3000 people are dead. @bloomberg.com www.bloomberg.com/news/article...

github.com/soatok/age-php If you've found yourself wondering how to encrypt/decrypt age messages from PHP software (e.g., a contact form, or a WordPress plugin)... Well, I've got you covered. Supports post-quantum cryptography too! #KillPGP #crypto #PHP #infosec #privacy

PS giovedì 28 maggio a Milano torna questa cosa, in un'edizione più grande e più ambiziosa di prima 🥹 Se ci vediamo lì sono felice! I dettagli (e i biglietti) stanno tutti qua: dice.fm/event/eomgmd...

Artemis III be like You are a NASA engineer specialized in parachutes. Generate three ideas for a CPAS system to slow down a spacecraft from 40000 km/h to 10 km/h in ten minutes. For each idea, list pros and cons. Read documentation under “@docs/Copy of Copy of artemis_2”. Use science.

when disassembling a complex device, at some point you reach the Swift threshold. this thing is never, ever, ever, going back together.

Microsoft starts removing "unnecessary" Copilot buttons from Windows 11 apps. www.theverge.com/news/909640/...

The EFF is quitting X

Da cinque anni una persona mappa, fotografa e registra tutte le piante di glicine che si trovano a Milano. Finora nel suo archivio, che è consultabile online, ne sono registrate più di 650 ilpost.link/pG3V0hbRQA

Honestly? This is a great hack, kudos

Today we are publishing our analysis of the latest version of Spyrtacus, a spyware agent from SIO/ASIGINT, produced by the same company that was exposed distributing fake WhatsApp client by Meta Read our analysis: osservatorionessuno.org/blog/2026/04...

memory drive

Wow, I am thrilled that @zackwhittaker.com included a reference to my article in his below piece. In many situations its not that "humans are the weakest link" in #cybersecurity but rather "humans are our last line of defence" and we need to design our systems to be more secure and resilient

the vibe

Still, the problem is that too ofen we don't build systems to be resilient, everyone knows OWASP Top 10, top CWE, buzzwords and best practices. And everyone starts to implement them after the product has been shipped in production. Cybersecurity is just a joke.

Anthropic is launching a new AI model for cybersecurity

FBI's yearly cybercrime report is out Cybercrime losses passed $20b last year PDF: www.ic3.gov/AnnualReport...

it's hard to believe, but before AI existed all internet infrastructure had 100% uptime

Axios maintainer’s post mortem confirms social engineering by UNC1069

FINALLY, the most important thing about this picture you need to know: that yellow floppy disk is one of my Neon Genesis Evangelion Floppies. I used it to copy VGAPRIDE.EXE onto my Pentium, since that machine has no network access.

Prime Minister Viktor Orban of Hungary has made hostility to Ukraine a centerpiece of his general election campaign. Russia seems determined to repay the favor.

Me, joking: I can’t believe we chose “destroying the economy” and “losing wars” over “being nice to trans people occasionally” Conservatives, dead serious: it was a tough choice, but I’m glad we picked “destroying the economy” and “losing wars” over “being nice to trans people occasionally”

Software supply-chain should be your top priority

Modern LLMs can now scan a codebase and find real vulnerabilities, and yep, in the short term, this will be a nightmare for cybersecurity teams (and, especially, open-source maintainers), *but* this could help smart engineering departments to adopt defensive product designs, *finally*.

The Dutch government is developing an anti–phishing filter to help telcos block malicious links The new "Anti Phishing Shield" was tested in a pilot program last year with 200,000 users and blocked more than two million attempts to access malicious sites www.ncsc.nl/nieuws/ruim-...

Putin and Orban coordinating on a desperate false flag operation that everyone knew was coming.

See you here in May :)

Why is it so hard for Americans to understand that essential social services should not discriminate anyone? Free healthcare and free education means they are free for all. That's fair as long as you are taxing the wealthy and you embrace a progressive tax system. www.nytimes.com/2026/03/31/n...

Dear journalists, Just because Durov says Russia's bank outage was caused by their attempts to ban VPNs and Telegram doesn't mean it's true. Durov has a history of saying false things. A really long one too!

Small question, after more than one week, did the European Commission inform all people whose personal data might have been compromised ? Poke @gnppn.fr

I wrote a thing about a thing. Specifically, Finding Vulnerabilities with Crassus – A Case Study with ESET. I created Crassus on a whim a few years ago, and it's interesting to see that it *_still_ can find things. It's also interesting (disappointing) […] [Original post on infosec.exchange]

Here is a video demonstrating how truly awful the encryption implementation is in TeleGuard, a 'secure' messaging app with more than 1 million downloads. App uploads users private keys to company server; this shows the company is able to decrypt messages. Details: www.404media.co/a-secure-cha...

Looking forward to seeing a bunch of smug cosplaying activists tell me to use TeleGuard because Signal is a CIA op.

i was curious as to what the qr code in a meme actually said but it wasn't scannable so i spent 2 hours manually recreating and decoding it

I often hear: "The users will _love_ this." They don't.

la mia visione dell'ai non è pessimista o negativa per la tecnologia in sé, ma per chi e come l'adotta. c'è un motivo se il termine slop è popolare: le aziende non stanno provando a risolvere problemi reali con l'ai, stanno solo cercando di vendere prodotti sul brevissimo termine

Companies are gambling at this point. If you can, please speak up inside your company so they up their open source strategy and commit (more) funds to make our shared commons sustainable. We're going to lose it all. Funding dynamics in OSS need to change. Fast.

ShinyHunters breached Cisco AWS accounts and accessed internal source code using compromised CI/CD credentials linked to a third-party supply chain attack. They cloned repositories and stole sensitive data, underscoring risks in software supply chain security.

People are celebrating Kristi Noem and Pam Bondi being fired — rightly so, as they're terrible — but I also fear that the second- and soon to be third-choice picks will be worse. Trump does not have a deep bench for competency and they are all driven by similarly evil values.