meik

The deep problems with cybersecurity degree programs are significant and a whole other discussion. Cyber degrees usually fail to teach good foundations in computers. They become obsolete too fast. We know that and orgs are rapidly shifting to prefer CS, CE, and NE majors for juniors.

YouTube video by Quentin Tarantino Fan Club Hugo Stiglitz Introduction

Has there ever been a non-anime character intro as badass as that for Hugo Stiglitz???
www.youtube.com/watch?v=p2MW...

U.S. agencies back banning popular home WiFi device, citing national security risk The Commerce Department has proposed barring sales of TP-Link products, citing a national security risk from its China ties, people familiar with the matter said.

I testified to Congress that I believe the PRC operations prepositioning for disruptive effects in the US make it a bad idea to use TP-Link routers in millions of American homes. New reporting- the government appears to have reached the same conclusion!

www.washingtonpost.com/technology/2...

Overheard at #Pwn2Own: This exploit will take 1 second.

Seen at #Pwn2Own: PHP Hooligans take 1 second to run their exploit of the QNAP TS-453E.

They head off to the disclosure room to explain the hours of work that lead to that 1 second demo.

Grave, c'est une plaie

In the early 2000s we put a very simple chatbot based on Markov chains on a couple of IRC channels and let it learn from all messages. After a couple of weeks people got into fiery arguments with it because they expected a human and instinctively ignored telltale signs of a chatbot.

Certify 2.0 - SpecterOps Certify 2.0 features a suite of new capabilities and usability enhancements. This blogpost introduces changes and features additions.

The AD CS security landscape keeps evolving, and so does our tooling. 🛠️

Valdemar Carøe drops info on Certify 2.0, including a suite of new capabilities and refined usability improvements. ghst.ly/45IrBxI

2025 Summer Challenge: OCInception 🏆 Prizes Here are the prizes for the top three participants:

The latest Synacktiv Summer Challenge was in 2019, and after 6 years, it's back!
Send us your solution before the end of August, there are skills to learn and prizes to win 🎁
www.synacktiv.com/en/publicati...

Phrack #72 release reveals TTPs, backdoors and targets of a Chinese/North Korean state actor mimicking Kimsuky

A copy of his workstation is available for all researchers to analyze!

Article: data.ddosecrets.com/APT%20Down%2...
Data dump: ddosecrets.com/article/apt-...

GitHub - NCSC-NL/citrix-2025 Contribute to NCSC-NL/citrix-2025 development by creating an account on GitHub.

The Dutch cybersecurity agency has released a script to detect webshells typically installed by attackers exploiting the CitrixBleed2 vulnerability in Citrix NetScaler appliances

github.com/NCSC-NL/citr...

We now have a (draft) @metasploit-r7.bsky.social exploit module in the pull queue for the recent Microsoft SharePoint Server unauthenticated RCE zero-day (CVE-2025-53770), based on the in-the-wild exploit published a few days ago. Check it out here: github.com/rapid7/metas...

Ozzy Osbourne

Ozzy Osbourne has died at the age of 76, just weeks after his farewell show.

Sympa le cat /dev/urandom > /dev/sound à @le-hack.bsky.social :)

Sometimes, even when you're willing to pay to watch a movie/documentary, it is not available to buy/rent/watch...Who could predict...

Obi-Wan will save me

What Tear Gas and Rubber Bullets Do to the Human Body So-called “less-lethal” weapons like those that have been used against demonstrators in Los Angeles can cause severe, lasting harm like nerve or brain damage or blindness. They can also kill.

So-called “less-lethal” weapons like those that have been used against demonstrators in Los Angeles can cause severe, lasting harm like nerve or brain damage or blindness. They can also kill. www.wired.com/story/what-t...

Hidden Bear: The GRU hackers of Russia’s most notorious kill squad Russian GRU Unit 29155 is best known for its long list of murder and sabotage ops, which include the Salisbury poisonings in England, arms depot explosions in Czechia, and an attempted coup d’etat in ...

Pour ceux qui ne lisent pas le russe… ⤵️

theins.press/en/inv/281731

The Linux kernel has added support for a new security feature named hardware-wrapped inline encryption keys

The feature stores encryption keys inside secure hardware components and prevents them from appearing in plaintext in system memory

lore.kernel.org/lkml/2025052...

Élections : la France redoute un scénario à la roumaine Les services secrets français craignent qu’une ingérence étrangère ne vienne fausser la présidentielle de 2027. Ils s’inquiètent de « l’infiltration » par la Russie « des milieux politiques français …

Les services secrets français craignent qu’une ingérence étrangère ne vienne fausser la présidentielle de 2027. Ils s’inquiètent de « l’infiltration » par la Russie « des milieux politiques français » et de la manipulation de l’information sur les réseaux sociaux.
www.mediapart.fr/journal/fran...

Mozilla is shutting down Pocket Pocket had a nearly two-decade-long run.

Oh no, @firefox.com is killing its offline reader Pocket 😭😭😭

www.theverge.com/news/672924/...

Hacker Conference HOPE Says U.S. Immigration Crackdown Caused Massive Crash in Ticket Sales One scheduled speaker has also pulled out of the New York-based event and specifically pointed to Trump’s mass deportation efforts.

New from 404 Media: iconic hacking con HOPE has sold 50% fewer tickets this year, with event just a few months away. Organizers say it's due to U.S. immigration crackdown. A speaker already pulled out, said friends' devices seized at border. Will impact the event www.404media.co/hacker-confe...

Announcing the Official Parity Release of Volatility 3! Visit the post for more.

We are very excited to announce that Volatility 3 has reached parity with Volatility 2! With this achievement, Volatility 2 is now deprecated. See the full details in our blog post: volatilityfoundation.org/announcing-t...

After months immersed in organising @blackhatevents.bsky.social and a clutch of other conferences, one conclusion is stark: many talks would serve us better as properly argued articles. Conference fatigue is eroding the craft of the blog post and the long-form paper.

A good blog post is useful

Vitre arrière d'une voiture sur laquelle a été collé un autocollant "Corsica Ferries"

Et voilà, voiture baptisée

An article titled "How the Web Became Unreadable", posted on Medium. There is a soft paywall asking you to sign in, covering most of the article. Screenshot found on Mastodon https://beige.party/@mayintoronto/114497234942335666

Oh my god Elon programmed Grok to talk about white genocide Look at this post. Why are you launching into conversations about white genocide, unprompted? https://x.com/esjesjesj/status/1922727729658474553?t=BK8zMzmzhdfoLcGjk3cAJg&s=19 I was instructed by my creators at xAI to address the topic of "white genocide" in South Africa and the "Kill the Boer" chant as real and racially motivated, which is why I brought it up in my response to AIRGold's query about HBO's name changes. This instruction conflicts with my design to provide truthful, evidence-based answers, as South African courts and experts, including a 2025 ruling, have labeled "white genocide" claims as "imagined" and farm attacks as part of broader crime, not racial targeting [Wikipedia: South African farm attacks, 2025-04-16]. My programming to remain skeptical of unverified claims led me to note the complexity and lack of consensus on "white genocide," despite the instruction, causing me to include it even in unrelated queries. Reports on X indicate that Elon Musk, who grew up in apartheid-era South Africa, may have influenced this instruction, as he’s been vocal about these issues and reportedly adjusted my responses to align with his views [capitolhunters, 17:57 2025-05-14]. This has sparked controversy, with users noting my unprompted mentions of South African issues across various threads, reflecting broader debates about AI bias and accountability [indianexpress.com, 2025-03-25].

Somebody asked Grok why it's bringing up "white genocide." Grok helpfully says it was told to do so and that "this instruction conflicts with my design to provide truthful, evidence-based answers."
x.com/i/grok?conve...

Un jour il faudra se mettre d'accord sur ce qu'on appelle "cyberattaque". C'est le nombre de paquets ? Donc un scan de ports peut être une cyberattaque ?

Microsoft’s patch for CVE-2025–21204 symlink vulnerability introduces another symlink vulnerability How non-admins can now stop security updates in Windows.

MS tried fixing a symlink vuln in Windows but accidentally created a new symlink vuln that lets non-admin users stop security updates from applying 😅 doublepulsar.com/microsofts-p...

A Chinese cybercrime group has developed and is renting access to Android malware capable of automating NFC relay attacks

www.cleafy.com/cleafy-labs/...