Normal Science

A reading list for frontier science

Articles across AI, biotech, forecasting, and emerging tech.

Yesterday

Between Two Nerds: The PRC vs AI

Patrick Gray·Risky Bulletin·7h ago

In this edition of Between Two Nerds Tom Uren and The Grugq discuss the idea that the People’s Republic of China has mobilised its influence operations against the construction of US data centres and its build out of AI capacity. This episode is also available on YouTube. Show notes Red Rap Two Sessions Get on the Beers

This Week

From a 7 KB file to a 13-year backdoor operation

ValentineC·3d ago·6pts

Most plugin closures are uneventful. A developer stops responding, wp.org pulls the plugin, the listing goes dark, and that is the end of it. My WP Beacon

Hide Secrets from AI Agents and NPM install using Airgap

netgusto·3d ago·3pts

airgap is a transparent wrapper that runs programs in a mount namespace and redacts secrets from files, protecting against malicious npm install hooks and curious AI agents.

WhatsApp Accuses NSO of Fresh Pegasus Targeting

Anna Mackay·Citizen Lab·3d ago

Meta’s WhatsApp said it will ask a US court to hold NSO Group in contempt, accusing the Israeli maker of Pegasus of once again using WhatsApp to try to lure targets into downloading the surveillance spyware. This violates a court order from last year that banned NSO Group from such practices. Speaking to Financial Times, senior researcher John Scott-Railton says “NSO Group is behaving just like the dictators they service — treating US courts as something to bypass, and hope that nobody notices.”...

‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm

BrianKrebs·Krebs on Security·4d ago

For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a “residential proxy” provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR]. Malicious streaming devices sold online that enroll the user’s ...

Embedding Forbidden Text in Spyware to Discourage AI Analysis

Bruce Schneier·Schneier on Security·4d ago

At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it is inside a comment, it does not affect JavaScript execution. The runtime skips it. The real malware begins after the comment with a try{eval(…)} wrapper around a large character-code array and a ROT-s...

Older

Google Chrome silently installs a 4 GB AI model on your device without consent

john-doe·1mo ago·1591pts

Google Chrome is downloading a 4 GB Gemini Nano model onto users

DNSSEC disruption affecting .de domains – Resolved

warpspin·1mo ago·724pts

Current system status. View active incidents or upcoming maintenance. Subscribe to receive status notifications.

Security through obscurity is not bad

mobeigi·1mo ago·165pts

Why security through obscurity still matters: not as your only defence, but as a practical layer that raises attacker cost.

US healthcare marketplaces shared citizenship and race data with ad tech giants

ZeidJ·1mo ago·457pts

Virginia and Washington, D.C. paused the data collection and sharing, after Bloomberg's investigation found their health insurance marketplaces were sharing users' information with advertisers.

The text mode lie: why modern TUIs are a nightmare for accessibility

SpyCoder77·1mo ago·232pts

The mythical, it's text, so it's accessible There is a persistent misconception among sighted developers: if an application runs in a te...

CVE-2026-31431: Copy Fail vs. rootless containers

averi·1mo ago·69pts

04 May 2026. Sections: Introduction, The vulnerability, Analyzing the shellcode, Setting up the lab, Setting up rootless Podman, Running the exploit inside a container, Tracing the exploit mechanism, Why rootless containers stopped the escalation, Catching the kernel in the act with eBPF, The uid_map proof, Conclusions. In the previous post about SELinux MCS and GitLab runners, I briefly mentioned CVE-2026-31431 (“Co

Bad Connection: Global telecom exploitation by covert surveillance actors

miohtama·1mo ago·194pts

https://www.haaretz.com/israel-news/security-aviation/2026-0... (https://archive.ph/0QYbN)

An Analysis of GrapheneOS's Server Infrastructure

cautious-fly·22d ago·13pts

GrapheneOS has a well-earned reputation for serious security work. Cellebrite — the forensics company law enforcement pays to crack phone...

Investigation: Russian censorship systems (TMCT) expose Chinese DPI signatures

aliowka·17d ago·11pts

How the Runet became an appendage of the Great Firewall of China: the story of one digital footprint

Aws.com and google.com don't have DNSSEC enabled

moquilabs·12d ago·7pts

aws.com and google.com don't have DNSSEC enabled. GitHub Gist: instantly share code, notes, and snippets.

Honeypot Design

NaOH·10d ago·6pts

Information Camouflage · 2026-06-07 (Last Modified: 2026-06-07) I’ve run various honeypots for a long time. I ran a WordPress honeypot off and on from 2013 to 2018. I’ve run endlessh on my home server for years. Before that, I ran the cowrie ssh/telnet honey pot for a while. Currently, this website runs a fake WordPress login that tells you that you’ve used the w

A game's homemade crypto fell to a DIY supercomputer

vmfunc·13d ago·4pts

tower unite protected its backend handshake with hand-rolled rsa: a toy key generator, a 509-bit modulus, and a decrypt routine that leaked uninitialized heap. i factored the key over a weekend on my friends

NPM-Scan: Detecting Dependency Confusion, Typosquatting, and Credential Harvesting

lateos-ai·22d ago·5pts

Modern supply chain security for the npm ecosystem. Static + behavioral analysis that catches what npm audit, Snyk, and Socket miss — obfuscated payloads, credential stealers, conditional triggers, sandbox evasion, and worm-like propagation. - lateos-ai/npm-scan

New agents.txt file found on DreamHost

speckx·1mo ago·4pts

DreamHost now adds a default agents.txt (similar to robots.txt) to hosted websites that discourages LLM training and agent actions and allows on-the-fly access. On the downside, they added it to existing sites without notice, and used a proposed spec that's already changed.

Reticulum: Source-privacy claim vs. routing metadata

almet·28d ago·5pts

Understanding WebAuthn credential protection policy

mooreds·29d ago·3pts

Pilcrow

Between Two Nerds: Why NATO and cyber don't mix

Patrick Gray·Risky Bulletin·7d ago

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how NATO is set up to deter conventional conflict, and how that approach is fundamentally unsuited for ongoing, everyday cyber operations that are intended to confound adversaries. This episode is also available on YouTube. Show notes

Age Assurance on the Internet: Identity, Privacy, and the Limits of Verification

mooreds·1mo ago·3pts

Age assurance is becoming a requirement across the Internet. This post explores the privacy tradeoffs behind online age verification.

Risky Bulletin: Arch Linux supply chain attack hits 1,900 packages

Patrick Gray·Risky Bulletin·7d ago

Almost 2,000 Arch Linux packages have been infected with malware in a supply chain attack, FISA surveillance powers expire for the first time since 2008, the FBI takes down a Chinese phishing service, and a major supply chain attack hits the WordPress ecosystem. Show notes Risky Bulletin: Arch Linux supply chain attack spreads to 1,900+ AUR packages

Luis Fernando García On State Surveillance in Latin America

Anna Mackay·Citizen Lab·10d ago

Senior researcher Luis Fernando García participated in a Conversatorio Regional hosted by CELS, ODIA, Democracia en Red, and Vía Libre on “Technologies of state surveillance, democratic control, and protection of civil space.” Fernando García spoke about the abuse of spyware, mass surveillance and advertising intelligence by governments across Latin America.

Factoring "short-sleeve" RSA keys with polynomials

Trail of Bits·10d ago

What happens when the bits of an RSA private key are heavily biased toward 0 instead of being randomly generated? The public key’s bits could be biased enough for us to detect these incorrectly generated keys in the wild. Together with Hanno Böck of the badkeys project, we found hundreds of unique keys that not only have this property, but can be quickly factored. We also found the bug that led to many of these keys and analyzed historical data to track the issue over time. Surprisingly, the pat...

Heading Off: New Technique Helps Track Grain Smuggling Expansion to Libya

Bellingcat Investigation Team·Bellingcat·10d ago

On February 15, 2026, the bulk carrier, Grumant (IMO: 9385879) was pictured at the occupied Ukrainian Port of Feodosia on the Crimean peninsula. Satellite imagery suggests it had already been there for several days. It appeared to stock up on grain before departing on a two-month-long journey eventually docking at the Port of Benghazi in Libya on April 18. While there have been previous reports of grain shipments from occupied Ukraine arriving in Libya, this is only the second time a Russian shi...

Enhanced License Plate Tracking

Bruce Schneier·Schneier on Security·11d ago

The surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers (ALPRs) that would mean the devices, as well as capture the license plate of passing vehicles, would also sweep up unique identifiers of mobile phones, wearables, and other Bluetooth-enabled devices in those cars, potentially letting law enforcement identify specific drivers or passengers. The technology, called SignalTrace, would turn ALPR cameras from devices focuse...

Ron Deibert Speaks About “Greek Watergate”

Anna Mackay·Citizen Lab·12d ago

Citizen Lab director Ron Deibert gave a keynote speech about the Greek spyware scandal at an event hosted by Eteron think tank in Athens in May. He described how the Citizen Lab helped bring to light the use of Intellexa’s Predator spyware against Greek journalists and political figures, triggering national and European investigations. Deibert noted that the investigative journalists working on the case are the real heroes, as “revealing what happens behind closed doors is essential to liberal d...

NSO Group Hacking WhatsApp Despite Court Order

Bruce Schneier·Schneier on Security·12d ago

WhatsApp has caught the NSO Group phishing its users, in violation of a court order.

Who Runs the Ransomware Group ‘The Gentlemen?’

BrianKrebs·Krebs on Security·12d ago

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator of The Gentlemen ransomware group. A graphic created and shared by The Gentlemen ransomware group administrator Hastalamuerte on Breachforums in May 20...

A Record-Breaking Patch Tuesday for June 2026

BrianKrebs·Krebs on Security·13d ago

Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company’s monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft’s most dire “critical” rating, and exploit code for at least three of the weaknesses is now publicly available. The software giant said in a blog post last month that both its engineers and the security community are increasingly using artific...

GPS As a Key Distribution Platform

Bruce Schneier·Schneier on Security·13d ago

This is interesting: The U.S. military has likely been quietly broadcasting codes for its global encryption network using public GPS for nearly 20 years, turning each satellite into a hidden “numbers station,” according to Steven Murdoch… That means every device that uses GPS has been receiving hidden government information for years, and nobody outside the military knew it until now. […] Murdoch discovered that this particular sentinel was transmitted by all 31 operational satellites within a w...

Extending LLVM's BOLT-based Binary Analyser to Validate Stack Variable Initialisation

Francesco Cagnin·Quarkslab·14d ago

Introduction: BOLT, originally developed at Meta and now part of the LLVM project, is a post-link optimiser that rewrites compiled applications to improve their performance. In 2024, Kristof Beyls at Arm built on top of BOLT a prototype static binary analyser to validate compiler code generation for security-related features. This tool operated directly at the binary level to "verify that a given hardening feature has been applied correctly across the whole binary," by checking whether the compi...

Critical Zcash Vulnerability Found and Fixed

Bruce Schneier·Schneier on Security·14d ago

If you’re a user—owner?—of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He found one fast enough to be embarrassing. The Orchard pool is the newest and most advanced shielded transaction system in the cryptocurrency Zcash. Introduced in 2022, it allows users to send and receive ZEC while keeping tr...

Risky Bulletin: RubyGems adds dependency cooldowns to counter supply chain attacks

Patrick Gray·Risky Bulletin·15d ago

RubyGems adds dependency-cooldowns to counter supply chain attacks, AT&T and IBM are accused of hiding foreign hacks, Cisco warns of a new SD-WAN zero-day, and Google layoffs hit security teams. Show notes Risky Bulletin: RubyGems adds dependency cooldowns to counter supply chain attacks

AI Worm

Bruce Schneier·Schneier on Security·17d ago

Researchers have prototyped an AI-powered internet worm. The coolest thing about the prototype is that it carries its own LLM with it, and runs it on computers that have been broken into. This is the closest to John Brunner’s original 1975 conception of a computer worm that I’ve seen.

From prompt to pwned: chaining LLM and web bugs to Admin

Norak·Quarkslab·18d ago

Introduction: LLMs and their web integrations now power countless applications, including some belonging to our customers who, naturally, may want to assess their resilience against attacks. Although these systems look very smart, trusting them blindly security-wise could be catastrophic, as we will discover through this article. When the topic of LLM vulnerabilities comes up, most of the time, prompt injection comes on top. Buying a car for one dollar, social engineering a chatbot to reset pas...

Srsly Risky Biz: NATO's cyber approach needs to change

Patrick Gray·Risky Bulletin·18d ago

Tom Uren and James Wilson talk about Tom’s trip to NATO’s Cyber Conflict conference. NATO countries want to bulk up their cyber efforts, and the pair discuss what that could look like. They also look at the US military’s admission that commercial location data was used to target personnel involved in Epic Fury, the US war on Iran. This is not surprising at all, and is just the most visible manifestation of the national security risks of this kind of data sloshing around. If Iran is analysing thi...

Hacking Meta’s AI Chatbot

Bruce Schneier·Schneier on Security·18d ago

Hackers are convincing Meta’s AI support chatbot to let them take over other people’s accounts: A video posted on X showed the step-by-step process to hack someone’s Instagram account. The hacker allegedly used a VPN to spoof the targets’ presumed location to avoid triggering Instagram’s automated account protections. Then, the hacker opened a chat with Meta AI Support Assistant and asked the bot to add a new email address to the target’s account. The chatbot can be seen sending a verification c...

"Practical Android Software Protection in the Wild" - An Appetizer

Eduardo Blazquez·Quarkslab·19d ago

If you work in Android analysis, you have probably gotten your hands dirty with APK reversing: unzip the package, decompile it with JADX, browse the recovered Java code, and maybe pair it with some dynamic analysis using Frida. Most of the time this works smoothly, but occasionally you run into something that fights back, a packer that prevents access to the DEX, an obfuscator that makes the code unreadable, or a protector that actively blocks dynamic analysis. This post reviews the anti-analysi...

AI Used to Decrypt Medieval Ciphers

Bruce Schneier·Schneier on Security·19d ago

Researchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers.

Vulnerability Disclosure in the Age of AI

Bruce Schneier·Schneier on Security·21d ago

New article: “Responsible Disclosure in the Age of AI: A Call for Urgent Action,” by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of autonomously identifying exploitable software vulnerabilities at unprecedented speed and scale. This development exposes decades of accumulated technical debt created by a software industry that prioritized rapid deployment over secure-b...

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

BrianKrebs·Krebs on Security·21d ago

The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s “AI support assistant” bot into resetting account passwords. A screenshot from a video released on Telegram claiming to show how Meta’s AI customer support bot could be tricked into resetting a target’s password. On May 31, word began to spread...

Risky Bulletin: Recently patched PAN 0day exploited in the wild

Patrick Gray·Risky Bulletin·22d ago

A new Palo Alto Networks firewall bug is being exploited in the wild, Russia expands SORM surveillance, NIST is looking for new post quantum algorithms, and ENSOC launches in Europe. Show notes Risky Bulletin: Russia greatly expands SORM surveillance requirements

Scala Security Audit

Sébastien Rolland·Quarkslab·22d ago

Introduction Scala is a modern multi-paradigm programming language designed to express common programming patterns in a concise, elegant, and type-safe way. It seamlessly integrates features of object-oriented and functional languages. Over the years, Scala has evolved through several major iterations, with Scala 2 and Scala 3 representing the most significant major versions to date. Scala 3 introduces a modernized syntax, a more consistent type system, and a new compiler. These improvements aim...

Researchers Uncover Espionage in Mobile Networks

Claire Posno·Citizen Lab·24d ago

Citizen Lab doctoral fellow Swantje Lange spoke with the Hasso Plattner Institut (HPI) about sophisticated surveillance campaigns being used to exploit mobile networks, sharing that “the mobile network is highly opaque and extremely complex.” Lange also discussed a recent Citizen Lab report she co-authored with Gary Miller, which showed how weaknesses in technology and governance allow mobile networks to be used as covert surveillance platforms.

Risky Bulletin: Dutch police take down 17m device botnet

Patrick Gray·Risky Bulletin·25d ago

Dutch police take down a botnet of 17 million devices, US military staff have been tracked with ad-tech location data, a Google engineer is arrested for insider trading on Polymarket, and Gogs and the Casdoor IAM leave major bugs unpatched. Show notes Risky Bulletin: Dutch police take down giant botnet of 17 million devices

Identifying People Using Wi-Fi Routers

Bruce Schneier·Schneier on Security·27d ago

Not identifying people based on their use of Wi-Fi routers, but identifying people using Wi-Fi signals. This is accomplished through what is known as WiFi sensing, or the use of WiFi signals to infer information about a physical environment. When radio signals like WiFi travel through a space, they interact with the objects and people around them. Those signals can be reflected, scattered, or absorbed. By analyzing how the signal is expected to behave compared with how it is actually received, r...