Latest
- World Leaks: RDP Access Leads to Custom Exfiltration and Personalized Extortion
Two-day intrusion. RDP brute force with a company-specific wordlist, Cobalt Strike, and a custom Rust exfiltration platform (RustyRocket) that connected to over 6,900 unique Cloudflare IPs over 443 to pull data from every reachable host over SMB. Recovered the operator README documenting three operating modes and a companion pivoting proxy for segmented networks. Personalized extortion notes addressed by name to each employee with separate templates for leadership and staff. Writeup includes scr…
- As they got close to the Moon, Artemis II astronauts were eager to land
"If you had given us the keys to the lander, we would have taken it down."
- Mozilla launches Thunderbolt AI client with focus on self-hosted infrastructure
New tool builds on deepset’s Haystack toward a “decentralized open source AI ecosystem.”
- New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
A researcher known as "Chaotic Eclipse" has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed "RedSun," in the past two weeks, protesting how the company works with cybersecurity researchers. [...]
- HAProxy HTTP/3 -> HTTP/1 Desync: Cross-Protocol Smuggling via a Standalone QUIC FIN (CVE-2026-33555)
u/albinowax’s work on request smuggling has always inspired me. I’ve followed his research, watched his talks at DEFCON and BlackHat, and spent time experimenting with his labs and tooling. Coming from a web security background, I’ve explored vulnerabilities both from a black-box and white-box perspective — understanding not just how to exploit them, but also the exact lines of code responsible for issues like SQLi, XSS, and broken access control. Request smuggling, however, always felt differe…
- Dark Matter May Be Made of Black Holes From Another Universe
A model of the cyclic universe suggests that dark matter could be a population of black holes predating the Big Bang.
- North Korea Uses ClickFix to Target macOS Users' Data
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.
- Ad firms settle with Trump FTC over claims they boycotted conservative media
FTC aims to stamp out brand-safety standards that hurt Breitbart and Musk's X.
- 'Harmless' Global Adware Transforms Into an AV Killer
A benign-looking update Dragon Boss pushed out in March 2025 established persistence via scheduled tasks and arranged for future payloads to be excluded from Windows Defender.
- Europe’s Online Age Verification App Is Here
Available for free to any company that wants to use it, the “completely anonymous” app puts the pressure on porn sites and social media platforms to start blocking access by minors.
- New Codex features include the ability to use your computer in the background
An in-app browser allows visual feedback while building websites and more.
- The Online Fiction Boom Reimagining China’s History
Chinese fantasy novels reimagine the past with modern tech and ideology. A new book argues they also help reinforce authoritarian politics.
- Musk v. Altman Is a Battle for OpenAI’s Soul
In Musk v. Altman, a jury will soon determine whether OpenAI has strayed from its founding mission to ensure AGI benefits humanity. Here’s what to know.
- Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. "PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent connection to the C2 server, to evade the network signature detections," Cisco Talos
- The UK Launches Its $675 Million Sovereign AI Fund
In a bid to minimize dependence on technology from other countries, the UK government is plowing resources into homegrown AI startups.
- Google's AI Mode Update Tries to Kill Tab Hopping in Chrome
Google's latest update to AI Mode in its Chrome browser is designed to keep the chatbot-style search tool always around once you start an online search journey.
- Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. [...]
- Two-Factor Authentication Breaks Free from the Desktop
Threat actors know how to bypass security systems outside of traditional IT environments. Implementing 2FA could provide a needed extra security barrier in the physical world.
- Microsoft's Original Windows Secure Boot Certificate Is Expiring
The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. Update those PCs soon.
- Anthropic Plots Major London Expansion
As tensions with the US government mount, Anthropic has leased a new office with enough space to quadruple its 200-person head count in London.
- ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow still ruining people's days, and enough supply chain drama to fill a season of television nobody asked for. Not
- Congress Turns Up Pressure on DHS Over Palantir’s Role in Immigration Crackdown
Democrats are demanding answers about Palantir and other surveillance firms powering Trump’s hard-line immigration enforcement agenda.
- Open dataset: 100k+ multimodal prompt injection samples with per-category academic sourcing
I submitted an earlier version of this dataset and was declined on the basis of missing methodology and unverifiable provenance. The feedback was fair. The documentation has since been rewritten to address it directly, and I would very much appreciate a second look. What the dataset contains 101,032 samples in total, balanced 1:1 attack to benign. Attack samples (50,516) across 27 categories sourced from over 55 published papers and disclosed vulnerabilities. Coverage spans: Classical injection …
- The 10 Best MagSafe Phone Grips for Your Butter Fingers (2026)
Keep your phone firmly in hand and add some personality with these comfortable, durable, and nifty smartphone grips.
- AVEVA Pipeline Simulation
View CSAF (https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-04.json). Summary: Successful exploitation of this vulnerability could allow an unauthenticated attacker to modify simulation parameters, training…
- CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catal… (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
- Horner Automation Cscape and XL4, XL7 PLC
View CSAF (https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-02.json). Summary: Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to systems and service…