The latest WindowsUpdate disables Windows Explorer previews for files that were downloaded from the Internet or are on Internet Zone network shares.
gist.github.com/ericlaw1979/...
17.10.2025 16:36 β π 2 π 1 π¬ 0 π 0
YouTube video by Elle Cordova
For our scientists
Need a summary of all the ways the White House has gutted science?
π§ͺOr are you scientist who needs to hear your work valorized in song?
From brilliant songwriter, Elle Cordova:
βIf they donβt like the data in your graphs/theyβll just turn the lights out in your labβ
youtube.com/shorts/AYm9w...
24.09.2025 16:09 β π 42 π 16 π¬ 1 π 0
Search Jobs | Microsoft Careers
Come work with me on Microsoft Defender for Endpoint!
jobs.careers.microsoft.com/global/en/jo...
18.09.2025 18:23 β π 4 π 2 π¬ 0 π 0
Unicode 16.0.0
If you want to understand the struggle anyone doing input validation has, just look at ver 16.0 of the unicode standard: unicode.org/versions/Uni...
Unicode 16.0 adds 5185 characters, for a total of 154,998 characters
244 pages.
yeah, good luck with that.
<script>alert('πππ')</script>
29.08.2025 11:08 β π 6 π 4 π¬ 0 π 0
So Long to Techβs Dream Job
Five-ish years ago, @lizthegrey.com told me tech workers needed to organize because the tech giants would automate their jobs, the market would flood with talent and they would lose bargaining power. I thought it was unlikely. Hereβs a story about me being wrong. www.nytimes.com/2025/08/04/t...
04.08.2025 15:04 β π 301 π 82 π¬ 5 π 5
I'm exploring new engagements! If your team needs expertise in cybersecurity, risk assessment, tech policy, regulations (GDPR, etc.), tech standards, strategic insight, or Comms/PR, let's talk! Open to contract, or flexible roles. DM/email at me@lukaszolejnik.com.
09.04.2025 14:30 β π 20 π 8 π¬ 0 π 1
Morning in Kyiv. No sleep. Air quality is extremely bad. City is covered in thick smoke.
This is Russian terror, aimed at people who chose to stay, resist and fight.
04.07.2025 06:31 β π 1820 π 832 π¬ 94 π 59
Re-reading Stumbling on happiness by @danielgilbert.bsky.social and loving every page again. Relatable facts, interesting actual and thought experiments wrapped in just my type of humor.
03.07.2025 10:14 β π 1 π 0 π¬ 0 π 0
OAuth is hard and we often find security flaws, but this is next level. Kudos to Modzero.
29.06.2025 10:24 β π 2 π 1 π¬ 0 π 0
A friendly reminder from the Patron Saint of the Internet, Deth Veggie
26.06.2025 03:49 β π 14 π 5 π¬ 1 π 0
So sorry to hear this. Chipped in and sharing.
26.06.2025 20:08 β π 0 π 0 π¬ 0 π 0
Hey, we can sell you a USB-HDMI adapter that works well in your office but flickers on stage.
16.06.2025 06:41 β π 1 π 0 π¬ 0 π 0
Roundcube β€ 1.6.10 Post-Auth RCE via PHP Object Deserialization [CVE-2025-49113]
A deep technical breakdown of CVE-2025-49113, a critical Roundcube vulnerability involving PHP session serialization. Learn how the bug was discovered, exploited, and responsibly disclosed with full P...
Threat actors are exploiting a recently patched vulnerability in the Roundcube webmail server.
Attacks began two days after a patch was published on GitHub.
FearsOff believes attackers bin-diffed the code before a final patch was ready and started exploiting servers.
fearsoff.org/research/rou...
05.06.2025 11:27 β π 7 π 2 π¬ 1 π 1
Hacking My Car, and probably yoursβ Security Flaws in Volkswagenβs App
This flaw made me the owner of thousands of cars (sort of).
Volkswagen fixed vulnerabilities in its mobile app that could allow attackers to hijack user accounts and retrieve car/owner details.
The app lacked brute-force protection, stored internal credentials in plaintext, and exposed any car owner's details via a VIN.
loopsec.medium.com/hacking-my-c...
18.05.2025 14:16 β π 33 π 11 π¬ 1 π 4
You receive a call on your phone.
The caller says they're from your bank and they're calling about a suspected fraudulent payment.
"Oh yeah," you think. Obvious scam, right?
The caller says "I'll send you an in-app notification to prove I'm calling from your bank."
𧡠1/4
03.05.2025 08:32 β π 1646 π 1015 π¬ 18 π 269
Makes sense, thanks.
02.05.2025 20:59 β π 1 π 0 π¬ 0 π 0
Perhaps to prevent someone from pasting your potentially sensitive clipboard content to the username field?
02.05.2025 16:24 β π 0 π 0 π¬ 1 π 0
New Windows 7 And Windows Server 2008 Security Updates Confirmed
Users of end-of-support Windows 7 and Windows Server 2008 platforms are advised of the availability of new security updates.
By me @forbes.com: Roll up, roll up, you legacy-loving loons, get your Windows 7 and Windows Server 2008 R2 security updates here. #kudos @0patch.bsky.social and @mkolsek.bsky.social
#infosec
www.forbes.com/sites/daveyw...
29.04.2025 13:32 β π 5 π 2 π¬ 0 π 0
Oh
15.04.2025 10:52 β π 1 π 0 π¬ 0 π 0
No Reboot Security Updates Come To Windows 11 β But Thereβs A Catch
Imagine being able to update Windows 11 with security patches but without rebooting. Well, now you can. But thereβs a catch.
By me @forbes.com: Maybe Microsoft just needs to buy @0patch and be done with it? The security hotpatching needs of the many outweigh the needs of the few, as Mr Spock so famously said.
#infosec
www.forbes.com/sites/daveyw...
14.04.2025 13:56 β π 3 π 1 π¬ 0 π 0
Windows Passwords At Risk As New 0-Day ConfirmedβAct Now
New Windows password hash-stealing threat has no official fix. Here's how to stay protected for now.
By me @forbes.com: Pass the hash, anyone? New NTLM zero-day with no Microsoft fix confirmed. #kudos @mkolsek.bsky.social for this one.
#infosec
www.forbes.com/sites/daveyw...
26.03.2025 11:13 β π 2 π 1 π¬ 1 π 0
Anyone who says they never fell for a phish or other online scam is either lying or doesn't use the Internet. We have all been there.
Well done to @troyhunt.com for being so open about his experience so that we can all learn from it
25.03.2025 09:16 β π 27 π 7 π¬ 0 π 0
Bypassing Detections with Command-Line Obfuscation
Defensive tools like AVs and EDRs rely on command-line arguments for detecting malicious activity. This post demonstrates how command-line obfuscation, a shell-independent technique that exploits exec...
Signature based security only stops script kiddies. Always has.
Signature based security (partial list):
- AV/EDR/IDS
- virtual patches
NOT signature-based security (partial list):
- actual security patches
- canaries
- firewalls
- application control
- MFA
www.wietzebeukema.nl/blog/bypassi...
24.03.2025 12:45 β π 0 π 0 π¬ 0 π 0
Engineer | Security Researcher | Recovering Academic | KD2WON
https://mulliner.org/collin
Security Researcher and Reverse Engineer
Seek first to understand.
Impatient optimist. Dad. Zetetic. Author. Speaker. Made Fiddler & SlickRun. My code runs in your browser. @ MSFT 18y+ on web and security. My words are my own.
he/him
https://ericlawrence.com/
https://textslashplain.com/
I work on the Windows engineering team at Microsoft and help with feedback for Start menu, Settings, taskbar, input + more
You can find me on most of the other social media apps including Twitter and reddit with the same account name @jenmsft
Ransomware, Online Security, and Malware. Owner, Editor in Chief of @bleepingcomputer.com
DM on Signal: LawrenceA.11 * Telegram: lbleeper * http://infosec.exchange/@lawrenceabrams
0day Researcher @ ββββββββββββ / Baker / 0wl
// I post random things on here
Menswear writer. Editor at Put This On. Words at The New York Times, The Washington Post, The Financial Times, Esquire, and Mr. Porter.
If you have a style question, search:
https://dieworkwear.com/ | https://putthison.com/start-here/
CTO @TrustedSec.com | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Hacker. Enby. Administrative inconvenience. Purveyor of technically sophisticated shitposts.
Suing the UK for more gender, help with my legal bills: https://enby.org.uk/
Mastodon: https://infosec.exchange/@ryanc
Non-binary trans androgynous (they/them)
Dad, Powerlifter, Security at Apple, Photographer
Security Engineer @ Cloudflare,
ex-Google ISE,
I use bad software and bad machines for the wrong things.
My writing: https://carstein.github.io
Senior Systems Engineer focused on Microsoft technologies.
