
Sijisu

@sijisu.eu.bsky.social

computers are an insecure mess Computer Science student mff.cuni.cz, CTFs with wrecktheline.com & czechcyberteam.github.io

72 Followers  |  210 Following  |  11 Posts  |  Joined: 26.11.2023  |  1.8619

Latest posts by sijisu.eu on Bluesky

NSO Group must pay more than $167 million in damages to WhatsApp for spyware campaign | TechCrunch The five-year legal battle between the Meta-owned company and the most notorious spyware maker in the world ends with a huge win for WhatsApp.

BREAKING: Spyware maker NSO Group must pay $167 million to WhatsApp for a hacking campaign in 2019 that targeted more than 1,400 chat app users.

This is a huge win for WhatsApp. NSO says it will consider appealing.

techcrunch.com/2025/05/06/n...

06.05.2025 21:21 — 👍 45    🔁 33    💬 1    📌 2
The Real Lesson of SignalGate A surveillance arms race has poked a gaping hole in national security.

"Were any of the Houthi Signal group members compromised at the time they discussed the Yemen attack plans? Frankly, it would be shocking if they were not."

My latest in @foreignaffairs.com on "The Real Lessons of SignalGate"

www.foreignaffairs.com/united-state...

24.04.2025 11:52 — 👍 215    🔁 90    💬 4    📌 13

Really nice :)

20.04.2025 17:54 — 👍 1    🔁 0    💬 0    📌 0

Hot take: after almost a month fully inside public administration, I have a pretty clear view of it.

Public administration doesn't need more advice on how to do things better; it needs people on the inside who will put in the work to do it better.

12.04.2025 15:31 — 👍 47    🔁 7    💬 6    📌 3
EU issues US-bound staff with burner phones over spying fears European Commission officials heading to IMF and World Bank spring meetings advised to travel with basic devices

https://www.ft.com/content/20d0678a-41b2-468d-ac10-14ce1eae357b

14.04.2025 12:39 — 👍 3    🔁 15    💬 3    📌 0

Congrats!

14.04.2025 15:26 — 👍 1    🔁 0    💬 0    📌 0
Tracing the thoughts of a large language model Anthropic's latest interpretability research: a new microscope to understand Claude's internal mechanisms

www.anthropic.com/news/tracing...

01.04.2025 20:17 — 👍 1    🔁 0    💬 0    📌 0
Screenshot showing an ASCII-art banner in the TempleOS text editor. The banner consists of the TempleOS logo with the text "Holy M0le" and a small Mole Antonelliana aside.


I wrote a TempleOS pwn challenge for m0leCon CTF Finals 2025, which took place last week. Pretty fun, players really seemed to like it. Source and writeup here: github.com/mebeim/ctf-c.... Also shout out to Philipp Mao from 0rganizers for his own writeup: philippmao.github.io/writeups/hol...

24.03.2025 21:47 — 👍 2    🔁 1    💬 0    📌 0
Is the cure to male loneliness starting a group text to bomb the Houthis?

24.03.2025 20:02 — 👍 655    🔁 104    💬 2    📌 4
Hours you work

carstein.github.io/short/2025/0...

22.03.2025 09:48 — 👍 1    🔁 0    💬 0    📌 0

Exciting news! Zed now has native Git support starting from v0.177. Designed for speed, Git-native functionality, and a keyboard-first workflow.

12.03.2025 17:56 — 👍 215    🔁 40    💬 11    📌 9
Memory Safety Is this memory safety here in the room with us? Halvar Flake / Thomas Dullien DistrictCon 0 2025

I gave a day 1 closing keynote at DistrictCon yesterday. Surprisingly, it was a security talk about memory safety.

Slides are here:
docs.google.com/presentation...

22.02.2025 11:40 — 👍 121    🔁 30    💬 6    📌 9
Algorithms are breaking how we think
YouTube video by Technology Connections

Surely this new video won't make me seem like a crank.
www.youtube.com/watch?v=QEJp...

22.02.2025 17:05 — 👍 8162    🔁 2025    💬 718    📌 493

(AP) — Elon Musk’s cost-cutting team is eliminating jobs at the vehicle safety agency that oversees Tesla and has launched investigations into deadly crashes involving his company’s cars.

#OligarchEra 🇺🇸
apnews.com/article/musk...

22.02.2025 19:10 — 👍 6195    🔁 2311    💬 245    📌 235

The people who think they are good at everything because they are good at coding are also bad at coding.

04.02.2025 19:34 — 👍 5677    🔁 1257    💬 72    📌 73

Deepseek-R1...

1) Is very impressive
2) The 32B version runs very well locally on a 4090
3) Will put a lot of pressure on the big US labs to open-source
4) Will be used in a lot of abuse/spam
5) Has some interesting holes in its knowledge:

25.01.2025 22:35 — 👍 149    🔁 32    💬 7    📌 4

This is a great post on bug bounty reddit!

OP reported an IDOR, gets paid $2,000, and then realizes it never was IDOR. It's just a cached response...

24.01.2025 14:14 — 👍 50    🔁 5    💬 3    📌 0
Cloudflare Issue Can Leak Chat App Users' Broad Location A security researcher made a tool that let them quickly check which of Cloudflare's data centers had cached an image, which allowed them to figure out what city a Discord, Signal, or Twitter/X user mi...

A bug in Cloudflare (and just the nature of how CDNs work) let an attacker learn the broad location of Discord, Signal, Twitter users by just sending them an image, according to a security researcher. It works because the attacker can check which data center cached the image www.404media.co/cloudflare-i...

21.01.2025 14:40 — 👍 2429    🔁 656    💬 98    📌 37

Many YouTube videos lately are clickbait and stretch out a Wikipedia page into 30 minutes. Many videos are just questions with simple answers.

So I built tldw.tube: put in the URL and save your time!

(No hate on Veritasium, it just happened to work well for the screenshot)

11.01.2025 05:24 — 👍 60    🔁 18    💬 9    📌 1

My new C programming book is slowly taking shape. If you want to learn along, let's start with the basics of control flow:

godbolt.org/z/3GerY3zEc

1/5

08.01.2025 19:55 — 👍 70    🔁 18    💬 8    📌 1

That's a good one

01.01.2025 12:13 — 👍 1    🔁 0    💬 0    📌 0

Is there a xkcd relevant to this post?

31.12.2024 05:30 — 👍 3    🔁 0    💬 2    📌 0
Fearsome File Formats Presented at 38C3 in Hamburg on the 28th December 2024. With so many open-source parsers being tested and fuzzed, and widely available specs, what c…

I presented about file formats at #38C3.
Thanks for the feedback everyone!
speakerdeck.com/ange/fearsom...

28.12.2024 17:19 — 👍 26    🔁 5    💬 1    📌 1

Yeah, that seems wrong indeed.

29.12.2024 10:06 — 👍 0    🔁 0    💬 0    📌 0

This is the correct answer.

23.12.2024 23:19 — 👍 1    🔁 0    💬 0    📌 0

You are welcome :)

06.12.2024 10:42 — 👍 2    🔁 0    💬 0    📌 0
Modern solutions against cross-site attacks

Modern solutions against cross-site attacks (frederikbraun.de/modern-solut...): An article about cross-site leak attacks and browser-based defenses. You will also learn why web security best practices are always opt-in and finally how YOU can get increased security controls.

27.11.2024 07:50 — 👍 34    🔁 19    💬 0    📌 1
