Dave Aitel

@daveaitel.bsky.social

1,132 Followers  |  469 Following  |  319 Posts  |  Joined: 15.11.2024  |  1.9907

Latest posts by daveaitel.bsky.social on Bluesky

ok ima fight postgres query planner

damn
query planner got hands

04.12.2025 22:52 — 👍 234    🔁 27    💬 7    📌 1

How cool is this cover?

04.12.2025 17:20 — 👍 42    🔁 7    💬 3    📌 1

Great book

04.12.2025 21:00 — 👍 1    🔁 0    💬 1    📌 0

#FUZZING'26 CALL FOR PAPERS
──────
✨ After 5 years, we will be again co-located with NDSS!

🔗 fuzzing-workshop.github.io
📅 11. Dec (Submission)

//cc @mboehme.bsky.social (MPI-SP), @ruijiemeng.bsky.social (CISPA), @rohan.padhye.org (CMU), László Szekeres (Google)

08.10.2025 12:02 — 👍 9    🔁 4    💬 0    📌 2

Rest in peace stealth :( www.thc.org/404/stealth/...

02.12.2025 16:58 — 👍 4    🔁 0    💬 0    📌 0

N. Korean hacking group Lazarus behind 31 attacks over past year: report | Yonhap News Agency SEOUL, Nov. 30 (Yonhap) -- North Korean hacking group Lazarus is suspected to have been be...

According to AhnLab, the N. Korean Lazarus Group, responsible for the recent massive theft from crypto exchange Upbit, has engaged in 31 cyberattacks, followed by DPRK's Kimsuky, which has launched 27 cyberattacks, over the past year.

en.yna.co.kr/view/AEN2025...

30.11.2025 12:42 — 👍 3    🔁 1    💬 0    📌 0

Iranian hackers claim they left a heavy bouquet in Israeli nuclear scientist’s car Iranian hacker group Handala claims it broke into the car of an Israeli nuclear scientist, left a heavy bouquet and a veiled threat, and released what it says are names and phone numbers of Unit 8200 ...

[Correcting an earlier post]

This is creepy. The Iranian hacking group Handala hacked an Israeli nuclear scientist’s car and left a threatening message.
www.ynetnews.com/article/s161...

30.11.2025 12:52 — 👍 3    🔁 2    💬 0    📌 0

You take the heroes you can get: How Craig Jones Is Trolling the Culture Warriors Taking Over His Sport - The New York Times share.google/SOIhkOx8Qud2...

26.11.2025 14:33 — 👍 0    🔁 0    💬 0    📌 0

youtu.be/Lvz2_ZHj3lo?...

24.11.2025 21:52 — 👍 3    🔁 0    💬 1    📌 1

The slow rise of SBOMs meets the rapid advance of AI Despite progress from CISA and global regulators, SBOM adoption in the private sector remains slow as experts debate if AI-driven coding will improve or undermine software security and transparency.

As SBOMs slowly progress at the federal level and in enterprises, the rise of AI coding assistants is fueling optimistic—and, some experts argue, “kind of insane”—claims about a future with vulnerability-free software.

Check out my latest CyberScoop piece. 1/2
cyberscoop.com/sbom-adoptio...

24.11.2025 14:49 — 👍 7    🔁 4    💬 1    📌 2

New Amazon Threat Intelligence findings: Nation-state actors bridging cyber and kinetic warfare | Amazon Web Services The new threat landscape The line between cyber warfare and traditional kinetic operations is rapidly blurring. Recent investigations by Amazon threat intelligence teams have uncovered a new trend tha...

On the heels of @dlshad.net and @davidmagnotti.bsky.social’s presentation at #CYBERWARCON, happy to share the associated AWS Security blog post (with IOCs) aws.amazon.com/blogs/securi...

19.11.2025 19:17 — 👍 14    🔁 6    💬 1    📌 1

Scientists now know that bees can process time, a first in insects | CNN Bumblebees can process the duration of flashes of light and use the information to decide where to look for food, a new study has found.

Our study of time processing in bumblebees 🐝 covered by @cnn.com here edition.cnn.com/2025/11/12/s... . Our summary is here youtu.be/hsGxU65OMQk and the original paper royalsocietypublishing.org/doi/full/10.... @royalsocietypublishing.org

22.11.2025 13:04 — 👍 2344    🔁 537    💬 61    📌 54

We now have a (draft) @metasploit-r7.bsky.social exploit module for the recent Fortinet FortiWeb vulns, chaining CVE-2025-64446 (auth bypass) + CVE-2025-58034 (command injection) to achieve unauthenticated RCE with root privileges: github.com/rapid7/metas...

21.11.2025 13:29 — 👍 18    🔁 9    💬 1    📌 0

Germany wakes up to US tech dominance Paris and Berlin signal new united front on Europe’s technological independence.

Recent outages from major US cloud providers have jolted Germany into confronting America’s tech dominance.

19.11.2025 17:30 — 👍 39    🔁 16    💬 3    📌 1

Macro photo of a black ant so shiny it looks molded from plastic, its body covered in fine swirling parallel ridges like human fingerprints. The ant is walking across wet moss.

Here's a different species, from Ecuador.

19.11.2025 03:40 — 👍 46    🔁 6    💬 1    📌 0

Finding 0day is the one unsaturated LLM eval left

18.11.2025 17:26 — 👍 4    🔁 1    💬 1    📌 0

CSDL | IEEE Computer Society

Dan Geer has a new essay on the shift toward indeterminism in computing and implications for security.

“The limiting factor in offensive capability is not finding vulnerabilities, it is having the talent to turn them into dependable tools”. @daveaitel.bsky.social

www.computer.org/csdl/magazin...

17.11.2025 15:37 — 👍 4    🔁 3    💬 1    📌 0

Calvin Duncan wins Orleans clerk of court race - Verite News New Orleans Duncan, a political newcomer and former prisoner, defeated incumbent Darren Lombard by a wide margin in Saturday's runoff.

a big runoff last night, in New Orleans:

Calvin Duncan was exonerated after spending *28 years* in prison; he tried to get his own case records from the New Orleans city clerk—but the office dragged its feet.

So Duncan ran to become city clerk himself, and yesterday ousted the incumbent.

16.11.2025 16:09 — 👍 9732    🔁 2578    💬 114    📌 209

Tree

12.11.2025 01:49 — 👍 4    🔁 0    💬 0    📌 0

Marion County agrees to pay out $3M for newspaper raid, express regret • Kansas Reflector A handful of county-level officials who were involved in a small-town Kansas newspaper raid in 2023 will pay a cumulative $3 million to three journalists and a city councilor.

Breaking: Marion County agrees to pay out $3M for newspaper raid, express regret kansasreflector.com/2025/11/11/m...

11.11.2025 17:25 — 👍 1854    🔁 569    💬 55    📌 76

Fedora man unmasked: Meet the teen behind the Louvre mystery photo "I didn't want to say immediately it was me," fifteen-year-old Pedro Elias Garzon Delvaux said. "With this photo there is a mystery, so you have to make it last."

www.npr.org/2025/11/09/n...

09.11.2025 15:55 — 👍 0    🔁 1    💬 0    📌 0

Dragon fly

11.11.2025 20:29 — 👍 2    🔁 0    💬 0    📌 0

COCOON COCOON takes you on an adventure across worlds within worlds. Master world-leaping mechanics to unravel a cosmic mystery.

If you like puzzle games this is an amazing buy www.cocoongame.com (free on PS5 if you have the subscription)

11.11.2025 12:41 — 👍 3    🔁 0    💬 1    📌 0

Cybersecurity breach at Congressional Budget Office remains a live threat Library of Congress employees were informed to take caution when emailing the office of the congressional scorekeeper.

Politico is reporting that the breach at the Congressional Budget Office is "ongoing."

“Do NOT click on any links in emails from CBO. Do NOT share sensitive information with CBO colleagues over email, Microsoft Teams, or Zoom at this time,” the email to CBO staff reads.

10.11.2025 21:40 — 👍 314    🔁 194    💬 13    📌 41

New project brings strong Linux compatibility to more classic Windows games But author warns that Direct3D 7 “is a land of highly cursed API inter-operability.”…
10.11.2025 18:09 — 👍 65    🔁 14    💬 0    📌 1

Why Costco Went All in on Kirkland — and How It Paid Off | WSJ Case Study
YouTube video by The Wall Street Journal

i find every story about costco's brand strategy and overall approach completely fascinating.

10.11.2025 18:18 — 👍 4823    🔁 511    💬 120    📌 50

Tarte à la Citrouille - Pumpkin Pie …highly esteemed by the Americans

Since we're rapidly approaching Thanksgiving, some pumpkin pie history by @lifesafeast.bsky.social. I love pumpkin pie but since I was born south of the Mason-Dixon line, I also love sweet potato pie.

Who knew pumpkin pie originated in France?! jamieschler.substack.com/p/tarte-au-c...

10.11.2025 17:25 — 👍 63    🔁 16    💬 6    📌 0

He said there was no room to sleep. People sat up, slept on the floor, standing up. He saw many pregnant women there too. The conditions were unbearable. His wife is horrified by his account.

07.11.2025 03:08 — 👍 4838    🔁 890    💬 7    📌 15

He said that the agents would throw food at them to eat. The agents threatened to withhold food for a week and to beat him up if he didn't sign deportation papers. He said he saw others refuse and get beaten/receive no food. He signed because he was afraid.

07.11.2025 03:08 — 👍 6090    🔁 1587    💬 35    📌 150

Her husband told her that detainees at Broadview had to get up at 5am to get in line for one bathroom. He often peed himself. One time he had to wait until 2pm to use the bathroom. You could only use the bathroom once a day. He said the agents would beat you if you used the bathroom on yourself.

07.11.2025 03:08 — 👍 5676    🔁 1393    💬 18    📌 129
