Gzobra

Realized from this and some other conversations that this was a bit implicit in my original argument. Added a section about this to my post: sunshowers.io/posts/on-poi...

In defense of lock poisoning in Rust · sunshowers It's worth retaining one of multithreaded Rust's most valuable features.

New post: a defense of lock poisoning in Rust.

Followup to recent discussion: decided to write about lock poisoning, looking at the arguments on each side, and informed by our experience at @oxide.computer dealing with the parallel problem of unexpected async cancellations

Please give it a read!

Voila les tabs ouverts depuis ?? que "je laisse pour plus tard"©

bit.ly/m/CaffeineOS
github.com/xen-project/...
www.linuxfromscratch.org/hints/downlo...
ntk148v.github.io/posts/linux-...
rayanfam.com/topics/hyper...
www.moritz.systems/blog/before-... (carafe, triste)
github.com/Torwang1/lin...

1/n

J'hésite entre merci pour ce partage d'infos et non merci pour la perte de temps libre en conséquence 😅

J'ai cherché sur wayback machine, il y a plusieurs archives de l'article que tu mentionnais comme perdu
web.archive.org/web/20250416...

THE ALGORITHMIC ANXIETY MACHINE | You can expose the social media algorithm dangers with OSINT If you want to know why teens feel broken, watch a fresh account for thirty minutes. It starts with jokes and ends in panic attacks, body shame, and self-diagnosis. Kids aren’t searching for this. The...

New Blog: This will be my last blog of 2025. And since we are close to the Xmas holidays kids will probably spend hours scrolling on their phones.
Read the blog here : THE ALGORITHMIC ANXIETY MACHINE | You can expose the social media algorithm dangers with OSINT www.dutchosintguy.com/post/the-alg...

Don’t forget the OpenBSD variant and socat(1)

New podcast episode drops next week 🎙️ Principal Security Consultants Oddvar Moe and Hans Lakhan are joining to talk footprint discovery for red teamers. Listen wherever you get your podcasts... just search for "Security Noise" and subscribe today!

Thank you
Also thank you to @simonwillison.net

@simonwillison.net
Hello
May i ask you if you have evaluated the power efficiency of the nvidia dgx spark ?
Or any electricity or power measure while it is loaded with models ?

Catching Credential Guard Off Guard - SpecterOps Uncovering the protection mechanisms provided by modern Windows security features and identifying new methods for credential dumping.

Credential Guard was supposed to end credential dumping. It didn't.

Valdemar Carøe just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.

Read for more: ghst.ly/4qtl2rm

YouTube video by Recon Conference Recon 2025 - Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications

The recording of our (CC @nicolo.dev ) talk "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" at @reconmtl.bsky.social is now online!

Recording: www.youtube.com/watch?v=QxSG...

Slides: synthesis.to/presentation...

#BinaryNinja Plugin: github.com/mrphrazer/ob...

And there is a DeLorean DMC-12 too 👀

The web leaves clues. EyeWitness collects receipts. Gather information from web services in a whole new way with @redsiege.com's EyeWtiness!

Chris Traynor breaks down the tool so you can add it to your aresnal!

Download it on Github -- github.com/RedSiege/Eye...

Drasi at one year: now with GQL for change-driven solutions Drasi’s first year brings GQL support and community growth, empowering developers to build event-driven apps. Learn more.

Drasi turns 1! 🎉

We launched Drasi to make change-driven systems easier—and now we’re adding GQL support for continuous queries alongside openCypher. This means more flexibility and a future-proof path for graph-based apps.

opensource.microsoft.com/blog/2025/10...

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability | Microsoft Security Blog Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT's License Servlet, tracked as CVE-2025-10035. We are publishing this blog post to increase awareness of this threat and to share end-to-end protection coverage details across Microsoft Defender.

Storm-1175, a financially motivated actor known for deploying Medusa ransomware & exploiting public-facing applications, was observed exploiting the CVE-2025-10035 vulnerability in GoAnywhere MFT's License Servlet. Read our analysis & get detection+hunting guidance: msft.it/63325sIfZZ

LUTINOS! à vous la beauté des (vrais) microsevices, le live d'hier soir est en ligne et il vous apprendra *ENFIN* à créer facilement votre propre microvm NetBSD qui démarre... ce que vous voulez.
Enjoy youtu.be/yiWTi18oG8M et partagez vos expériences !

📱 Silent Smishing: The Hidden Abuse of Cellular Router APIs

Our latest #CTI investigation from Sekoia #TDR team uncovers a novel #smishing vector abusing Milesight industrial cellular router APIs to send phishing #SMS at scale.

blog.sekoia.io/silent-smish...

Now, i will work on studying device registration threats and hardening or detection

I watched it today: very well explained.
And using the graph to explain what threat actors may try and what defenders may harden is a super idea.
👏👏👏

Ça y est, notre hors-série consacré au pentest mobile est disponible en kiosque !

Vous pouvez également le retrouver en version numérique ou le commander en papier (les ports sont offerts) sur boutique.ed-diamond.com/nouveautes/1....

#pentest #iOS #android #cybersécurité

@drazuread.com
Hello,
I read your slides from OrangeCon. Many information(CAE, CAP, Token protection) in it,very informative. I know what to search for and what to learn now.
I will watch the video if it is published.
Thank you

Arghhhhhhhh, le jour où je pars en Europe centrale pour le $TAF

Beyond good ol’ Run key, Part 151

www.hexacorn.com/blog/2025/09...

Retrospective on hosting my blog inside an LTE modem, 4 years later Ethical Hacking and Cybersecurity Blog

Read the recent part 2
blog.nns.ee/2025/04/01/m...

@lefinnois.bsky.social je suis maintenant curieux de savoir si c’est vrai.

Ça y est, imil va encore changer le noyau pour ne plus appeler init.
Il noyaute NetBSD je vous dit!

Bonus Drop #98 (2025-09-14): Observable Notebooks Data Loaders Example This week, the Bonus Drop features a practical example of using Python data loaders in Observable Notebooks 2.0. Data loaders enhance notebook performance by executing code in advance, facilitating…

This week, the Bonus Drop features a practical example of using Python data loaders in Observable Notebooks 2.0. They enhance notebook performance by executing code in advance, facilitating access to diverse data formats.

dailydrop.hrbrmstr.dev/2025/09/14/b...

WSUS Is SUS: NTLM Relay Attacks in Plain Sight

Even with HTTPS, Windows Server Update Services can be abused if attackers obtain a trusted certificate, allowing authentication relay. In our latest blog, Austin Coontz explains how WSUS traffic can be found and abused, and what sparked his investigation. Read now!
trustedsec.com/blog/wsus-is...

Detecting Password-Spraying with a Honeypot Account

Password-spray detection typically relies on correlating failed logins over time, but this often leads to false positives. In our latest blog, Sean Metcalf shares how to detect password-spraying more accurately by leveraging a honeypot account. Read it now!
trustedsec.com/blog/detecti...

What WhatsApp’s “Advanced Chat Privacy” Really Does In April, WhatsApp launched its “Advanced Chat Privacy” feature, which, once enabled, disables using certain AI features in chats and prevents conversations from being exported. Since its launch, an

There’s been some confusion around what exactly WhatsApp’s “Advanced Chat Privacy” option does, so we dug in to see exactly how it works. www.eff.org/deeplinks/2...