¯\_(ツ)_/¯

Europeans remember to submit your post to the EU for approval first

TBH, it was good marketing, but when the gov already has a vendetta with you, might not be the best plan to say shit like "our product is like nuclear bombs".

Be careful what you shitpost

If I paid 1000$ outright for my device and there is no monthly fee I am paying for it, then the carrier shouldn't have the slightest say on what I'm using my phone for. They already intentionally throttle/qos limit older phones to drive upgrades. Don't give them more capability.

‼️Former CIA officer here. Spoke with @DailyMailUK about the UK MOD’s reckless blind spot on Chinese Bambu Lab 3D printers used in weapons and drones. These devices can be compelled under Chinese law to ‘phone home’ with designs, logs and metadata - YES, a potential backdoor. Sold at a deliberate loss below audit thresholds, it only gets worse. Britain should follow the @NATO approach: build sovereign, auditable and secure capabilities instead of adopting this unnecessary security risk. Story: dailymail.co.uk/news/article… #ChinaThreat #SupplyChainRisk #NationalSecurity

Can anyone say MFA Fatigue? Salesforce is requiring MFA rechallenges after a maximum of 2 hours for Reporting/Dashboards in their platform. Even for trusted ip addresses.

"This started out with Wifi 7 testing and ended in a national security event" youtube.com/watch?v=IfOgnDTR…

☠️

‼️🚨 BREAKING: Another researcher skipped coordinated disclosure entirely and dropped a critical 1-click GitHub token theft in public because he doesn't want to deal with MSRC. In his own words: "I really don't want to deal with MSRC on VSCode bugs." The bug: just clicking a link can hand an attacker a GitHub token that reads AND writes to all your repos, including private ones. It lives in github[.]dev, GitHub's browser-based VSCode editor, which passes the browser an OAuth token that isn't scoped to a single repo. That token can touch everything you can. Researcher Ammar Askar found that VSCode's sandboxed "webviews" leak keyboard events to the main editor. A malicious repo opened via one link can simulate keystrokes, install a local extension that skips VSCode's publisher-trust check, and exfiltrate your token. He published a working proof-of-concept. He says when he reports github[.]dev bugs, GitHub tells him they're out of scope and to go report to MSRC, and a prior VSCode bug he reported was silently fixed with no credit. One commenter summed up the mood: "MSRC has turned into Feedback Hub."