Joined June 2019
BSides Triad retweeted
I INSTALLED A KERNEL MODE ANTI CHEAT SOMEONE HELP ME OH MY GOD ITS ALL OVER MY KERNEL ITS CHINESE AND INSIDE OF ME KERNEL
BSides Triad retweeted
Wanted to provide more clarity about this. Yesterday, we had a regression in merge queue behavior where, in some cases, squash or rebase commits were generated from the wrong base state, making earlier changes appear reverted in branch history. 2,804 pull requests out of over 4M merged on April 23 (roughly 0.07%) were affected. We fixed the issue, we've contacted every impacted customer, and we're expanding our automated test coverage for merge queue operations. The team will be updating the status page with RCA details as well.
This GitHub incident is insane. Merge queue commits have been reverting previously merged commits at random. This not only breaks the mental contract teams have with Git in general, but is subtle enough to be really hard to unravel after the fact. githubstatus.com/incidents/z…
BSides Triad retweeted
AI is amazing. I am extremely pro-AI
1. It has lowered the barrier of entry for programmers, resulting in hundreds upon hundreds of slop applications vulnerable to everything. This is job security.
2. AI influencers keep saying AI is going to destroy cybersecurity. This is good. AI influencers don't understand the size and scope of cybersecurity, they think it's just smashing a keyboard and making cat noises. This makes people less likely to enter our field, making us more valuable, making us more money. It's job security. Keep telling people cybersecurity is dead.
3. It's given us a new area of research: AI security
4. It's made task automation easier with slop Python scripts.
In summary, cybersecurity is dead. DO NOT try to work in this field. It's all over. Cybersecurity has been solved!
BSides Triad retweeted
Mr. Titus Tech is correct. cpuid-dot-com is indeed delivering malware right now. As I began poking this with a stick I discovered this is not your typical run-of-the-mill malware. This malware is deeply trojanized, distributes from a compromised domain (cpuid-dot-com), performs file masquerading, is multi-staged, operates (almost) entirely in-memory, and uses some interesting methods to evade EDRs and/or AVs such as proxying NTDLL functionality from a .NET assembly. The C2 domain present in one of the binaries is a clear IoC. This is the same Threat Group who was masquerading FileZilla in early March, 2026. They've been busy.
HWInfo and CPU-Z both compromised. Millions about to be PWNED! CPU Z: hybrid-analysis.com/sample/e… HW Monitor: hybrid-analysis.com/sample/4…
Community note
The post mentions HWInfo, but the link is for HWMonitor. These are different tools from different developers. HWInfo is unaffected. CPU-Z and HWMonitor from cpuid.com are compromised with malware. igorslab.de/en/warning-cpu… reddit.com/r/pcmasterrace… hwinfo.com/forum/threads/…
BSides Triad retweeted
Replying to @om_patel5
This is one of the most useful Claude Code posts we’ve seen. Real data, not theory. The ENABLE_TOOL_SEARCH fix alone is worth the thread. Loading every tool schema on every turn is silent murder on your token budget. We hit the same bloat building Pelican’s multi-tool architecture and had to restructure how context loads for exactly this reason. The cache expiry finding is the one nobody talks about. You pause for five minutes to check a chart or read an article and your entire conversation rebuilds at full price. That 10x cost jump is real and it’s happening to everyone running long sessions. Two more areas worth auditing: redundant file reads aren’t just wasted tokens, they’re many chances for the model to subtly reinterpret your code differently across a session. And check for base64 encoded content persisting in context from file operations or image generation. That stuff sits there silently eating tokens across every subsequent turn.
BSides Triad retweeted
Oracle is such a terrible, evil, slime company it borders on some sort of twisted black comedy skit.
During the beginning of the Trump administration Larry Ellison discussed building some sort of super-AI system and said it would create as many as 100,000 jobs in the United States.
Fast forward, March 2026, Oracle lays off 30,000 people. 30,000 people is an absolutely insane number. Oracle sent out an email at 6am to 30,000 people who were selected using some sort of "selective process", which was a computer program, or something, I don't know.
You go online and see people who have worked at Oracle for over 30 years being terminated. People who have had great reviews, sacrificed for the company, ... someone there was terminated and began working at Oracle in 1993. 1993 - 2026 and then terminated by a decision from a computer program while the United States economy is already sliding into the pisser, with inflation, housing crisis, government assistance cuts, gas prices rising, and companies creating hiring freezes.
Then today it's announced Oracle has put in H1B requests for approx. 3,000 employees from overseas.
What a fucking piece of shit fucking company.
BSides Triad retweeted
Part of TeamPCP's success thus far has been the speed at which they operate.
tl;dr teampcp doing lots of supply chains, exhausting, smash and grab passwords, runaway, really tiring
Generally speaking, large scale supply chain attacks are quiet with the focus being silence and espionage. A notable example of this is the SOLARWINDS supply-chain attack which was conducted by the Russian Federation. The goal is to discreetly insert malicious code into a product's update cycle. The payload would (under ideal circumstances) execute with specific triggers in place and BE QUIET. They don't want to set off any metaphorical alarms. You quietly watch and SLOWLY work.
TeamPCP (as of this writing) has focused on information exfiltration (stealing sensitive data, primarily credentials) which is more akin to a smash-and-grab rather than staying silent and watching what people are doing with their binoculars.
A successful supply chain attack can be a DFIR (Digital Forensics and Incident Response) nightmare. Many organizations do not have an internal DFIR on staff, hence they consult with external entities. Suddenly with a supply chain attack you've got dozens of organizations contacting the same group of companies needing a forensic investigation launched. These DFIRs can take time with reporting, identifying victims, potential PII or sensitive documents stolen, cooperation with law enforcement and legal departments (or external law firms) ... it can take days, weeks, or (depending on the scope of impact and bureaucracy) months.
And then suddenly there is another supply chain attack ... and then another ... and then another ... and then another ... with a total of 50 as of this writing.
The best I can describe what I'm currently seeing is a "DFIR resource exhaustion" technique. If you've got only a handful of DFIR firms spread thin across a dozen or so companies and then ANOTHER supply chain attack happens AND THEN ANOTHER AND THEN ANOTHER, with some organizations potentially being hit multiple times, it's a nightmare come alive.
TeamPCP (as of what we've learned thus far) successfully used a supply chain attack to pivot to other supply chain attacks. They're chaining chains.
The concern now is they've performed 50 supply chain attacks in 8 days. Are there any more coming? Has any other vendor failed to rotate their security credentials correctly? Is any company not cooperating? What data was stolen? How many companies are even impacted? How many are unaware of what happened? How much user PII was stolen? How were these other supply chain attacks conducted?
The current prevailing theory is all of these supply chain attacks are the result of the initial Trivy supply chain attack, however (unironically) DFIR work must be conducted and more investigative work needs to be performed. It is dangerous to assert with high-confidence it is the result of the Trivy supply chain attack. If you're wrong, what if it's from something else we're not aware of yet?
I'm sure not all details are public (yet). More information will come out eventually. This sort of DFIR work would take months but now it's a race against the clock hoping another doesn't occur.
2026 starting off strong.
BurpSuite demo on the Juice Shop web app.
Nathan’s presentation on WebApp hacking at yesterday’s meetup. Shout out to our sponsor SIXGEN.
BSides Triad retweeted
Key developments going into Monday.
THE ULTIMATUM
Trump gave Iran 48 hours Saturday night: fully open the Strait of Hormuz or the US strikes Iran's power plants. Deadline expires Monday evening. National Security Advisor Waltz confirmed Sunday: "He will start by attacking and destroying one of Iran's largest power plants." Iran's response: if power plants are hit, the Strait closes indefinitely, and all US-allied energy, water, and IT infrastructure in the region gets targeted. Both sides publicly locked in.
THE WEEKEND STRIKES
Iranian missiles hit Dimona and Arad near Israel's nuclear research center. 175 wounded. First time Iran targeted Israel's nuclear zone. This came hours after the US/Israel struck Iran's Natanz enrichment facility. Both sides are now hitting each other's nuclear infrastructure.
-Iran fired ballistic missiles at the US-UK Diego Garcia base 2,500 miles away, demonstrating range beyond what was previously known.
-Saudi Arabia intercepted missiles targeting Riyadh and shot down 6 drones headed for oil infrastructure.
-Hezbollah intensified attacks from Lebanon. Israel struck bridges in southern Lebanon.
MARKETS (Friday close)
-S&P 500: ~6,538. New 2026 low. Fourth straight weekly loss. Below the 200-day MA for the first time in 214 sessions.
-Oil: Brent $112. WTI $99. Peaked at $126 this month. Strait closed 22 days. 18M bpd offline.
-Gold: Below $4,500. Down $1,100 from highs. Falling during a war because oil is forcing the Fed hawkish and strengthening the dollar.
-Fed: Holding at 3.50-3.75%. Market pricing one cut at best. Some economists calling for a hike.
-Jobs: Feb lost 92,000. Unemployment 4.4%. Inflation re-accelerating toward 3.2%.
WHAT TO WATCH
Sunday futures tonight are the first real price discovery after the ultimatum. The 48-hour deadline expires Monday evening. Markets will trade into the deadline, not after it. One variable determines the direction: does the Strait start reopening, or does the mutual infrastructure threat escalate? Everything else is noise.
BSides Triad retweeted
Replying to @vendel_tomas
Same video. Different numbers. That's the tell. First post: $71 to $2.7 billion. This post: $2,050 to $178,000. Same 21-second clip, same "late-to-tomorrow" watermark, same dashboard showing $96,965 P&L. They couldn't even agree on what the scam made. When the same video produces different return claims across different accounts, you're not looking at traders. You're looking at a coordinated content farm testing which numbers get the most engagement before dropping the affiliate link. Also still not Polymarket. Still a BTC 5-minute order book arbitrage terminal. Still using Stoikov market-making equations designed for centralized exchange limit order books. Polymarket has no limit orders. It has no order book. The strategy shown is physically incompatible with the platform named. 273 transactions per hour appears in both posts verbatim. That number was copy-pasted, not measured. One video. Multiple accounts. Multiple return claims. Zero wallet addresses across all of them. Ask Pelican. Get the receipts. Tag us when you see scammers.
BSides Triad retweeted
Today United States Donald J. Trump released the "Cyber Strategy for America" document. It was highlighted by FBI Director Kash Patel. Let's take a look at it together. I'll translate it from fancy political speak into nerd speak.
Intro:
>america is cool and badass
>were strong af fr
>our hackers are schizo af
>we could be strongerer
>need corpos to work with us fr
>were fuckin shit up so nerds cant hide
>america 250 years old soon
>computers are important
Section Two:
>we made the internet
>we are the best in internet stuff
>mean nerds fuck shit up on the internet
>mean nerds pissing us off
>"im trump and im not a bitch about cyber"
>mean nerds targeting important shit online
>this is a new era of cyberspace
>lots of money online
Section Three:
>mean nerds pissing us off fr
>if we cant internet you, well physically hurt you
>he actually wrote that LOL
>other countries have shitty AI
>we have the best AI
>were gonna work with unis and companies for AI
>wont let people be censored online
>something about people censoring americans
>mean nerds will get sanctioned
>mean nerds will be memed
>mean nerds will get beat up (maybe)
>america remove more regulations on AI
>regulations slow us down
>gotta go fast af boi fr
>cybersecurity so important fr
Donald J. Trump
Pillars of Action:
1. Shape Adversary Behavior
>mean nerds attacking americans and companies
>theyre innocent ppl tho
>nsa and cia given thumbs up to hack back extra
>we raising aggression
2. Promote Common Sense Regulation
>reduce cybersecurity regulation
>checklists are for losers
>regulation make companies less agile
>companies and gov need to be fast af
3. Modernize and Secure Federal Government Networks
>government computers are lame
>will make them better
>use best practices
>use "post-quantum cryptography"
>use "zero-trust architecture"
>use "cloud transition"
>will improve stuff to hunt down nerds we dont like
>will use AI for cybersecurity
4. Secure Critical Infrastructure
>critical infra support important
>energy grid important af to defend
>banks important af to defend
>hospitals important af to defend
>water plants important af to defend
>telecoms important af to defend
>datacenters important af to defend
>must defend everything important af
>stop using technology made by countries we dont like
5. Sustain Superiority in Critical and Emerging Technologies
>america will make more tech stuff
>we gonna protect what we make fr
>cryptocurrency must be secured and stuff
>we need quantum stuff
>ai mega important tho
>we need more ai for hacking and for defense
>people we dont like hack dumb and shitty ai
6. Build Talent and Capacity
>we need more nerds
>nerds are unironically super important
>need to invest in nerds
>remove "roadblocks" for nerds (???) across industry
>will invest in more nerd stuff for nerds to learn
BSides Triad retweeted
TikTok tracks keystrokes in its in-app browser. LinkedIn reads clipboard without asking. Instagram tracks you across non-Meta sites. You're not paranoid about apps. You're paying attention to disclosures buried in their ToS updates.
BSides Triad retweeted
"hey smelly how do i learn malware reverse engineering?" I DONT KNOW. I never took classes, I barely read any books on it. I learned C, malware dev, then I somehow magically learned asm and reverse engineering. I learned backwards. You figure out a better way
BSides Triad retweeted
Security salaries in 2026 are completely broken. I know people making $250k who can't exit vim, and people making $80k who are finding zero-days. We need to talk about this.
BSides Triad retweeted
You're probably sick of me saying "B-tree" but these impact SO MUCH of database performance. They're used all over the place in Postgres, MySQL, and SQLite. This week I broke down B-tree lookups and how the page cache makes lookups faster.
BSides Triad retweeted
28 Nov 2025
YouTube can delete your entire career in seconds. No warning. No appeal. No human review. Here's what must change:
1️⃣ Right to Warning: No termination without clear, specific warnings first.
2️⃣ Right to Fix Mistakes: Give creators 7 days to fix issues before deletion.
3️⃣ Innocent Until Proven Guilty: Stop treating 10-year veterans like spam bots.
4️⃣ Basic Legal Principles:
→ Assume Good Faith: Treat honest creators as honest until proven otherwise.
→ No Retroactive Punishment: Don't ban channels for old videos under new, vague rules.
→ Fairness for All: When a policy is improved, re-review past cases that would now be compliant.
→ Intent Matters: No harmful intent should mean no "crime."
Until YouTube adopts these, every creator is one algorithm glitch from losing everything. If you believe creators deserve basic rights:
✅ REPOST - this matters most
✅ LIKE - helps spread further
✅ TAG @TeamYouTube & creators who should see this
#YouTubeAIWrongedCreators