A WhatsApp #E2EE & #OPSEC reminder: 1⃣Metadata is not protected by E2EE; WhatsApp knows phone #, profile name, contacts, groups etc. 2⃣Even with E2EE, the other end can leak 🤷 E2EE protects content in transit, not endpoints or metadata CC: @matthew_d_green @thegrugq @RidT

GREEN AGAIN! 🟢 And the Hypercar fight for P1 is ON! @NatoNorman in the #12 @CadillacVSeries hunts down @RFrijns in #20 @BMWMotorsport. Watch live on plus.fiawec.com. #WEC #LeMans24 #Cadillac #BMW

One of the most exciting Le Mans 24h editions of the last few years! With 5 hours to go, the top 3 of the Hypercar class is within 4 seconds 😅 🇳🇱 Dutchies in the lead in Hypercar, LMP2 and GT3 classes 💪💪

Releasing Tunnel Vision Toolkit, part of my @x33fcon talk on Microsoft Global Secure Access. Includes BOFs to assist in engagements where you face GSA, plus a rogue client that lets you connect to internal resources from unmanaged devices. github.com/ar0x4/tunnel-visi…

De VoC was ooit 8 triljoen waard op de beurs. Schijnt dat ze nog steeds bezig zijn met het afbetalen van de 36% belasting op ongerealiseerde winst. 🤣

It is frankly embarrassing that a sitting U.S. Vice President is unaware of one of the most elementary facts of World War II. Nazi Germany did not negotiate an end to World War II. The war in Europe ended with Germany’s unconditional surrender after total military defeat and the collapse of the regime in May 1945.

The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Claude models is not affected. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible. Read our full statement: anthropic.com/news/fable-myt…

I cancelled my $10/mo Calendly subscription and vibe coded my own with Fable for $12,000

🚀The 10th edition of #x33fcon has come to an end. Ten years of knowledge sharing, innovation, challenges, and an incredible community. 👏A huge thank you to speakers, trainers, sponsors, partners, volunteers, the Expert Committee and attendees from all over the world making this edition truly special. 👉See you at #x33fcon 2027!

This was fun to do! Just hope it wasn’t too much ‘infosec-grandpas tell about the past’ 😂

Cobalt Strike 4.13 is live! Say "Hello World" to our Beacon Interpreter for native C scripting - plus an LLVM Beacon, smoother docking UX, sharper payload management and more. Read about all the new features in the release blog! cobaltstrike.com/blog/cobalt…

ServiceNow customers are being notified after unauthorized access hit multiple tenants. The messy part? A Scripted REST endpoint reportedly shipped with authentication disabled. No token. No valid session. No real user account. Just requests landing as “Guest” in logs. The IOC: 51.159.98.241 Security teams should be checking /api/now/related_list_edit transaction logs immediately.

Oh.

It’s hilarious that they made a huge deal about the cyber capabilities for months and then when they rolled it out, they’ve blocked the actual utility of the model by prohibiting cyber use 🤣 And yes this includes trusted testers. Like, what was the point in even releasing it?

Door een fout van bewindvoerders liggen de privé- en medische gegevens van mensen met schulden op straat. De organisaties wilden geen 10 euro per jaar betalen om hun oude domeinnaam te behouden, waarop nog veel gevoelige informatie binnenkwam. rtl.nl/nieuws/tech/artikel/5…

A careless code blunder just blew the lid off Beijing’s multi-million dollar AI propaganda operation targeting the West. France's digital interference watchdog, Viginum, has officially exposed "Fawn Mianju," a covert network of 13 multilingual fake news sites running on advanced automation and generative AI. The sophisticated network was completely compromised after a computer engineer working as a Senior Project Manager at China's state-run CGTN Digital accidentally left his login credentials exposed in the code. This operation, which expanded on findings first uncovered by U.S. cybersecurity firm Graphika in 2025, operated with deep financial backing. The domains were registered in Beijing, hosted on Alibaba Cloud, and utilized expensive infrastructure alongside paid plugins to artificially manipulate search engine rankings. Using digital keys linked directly to AI language models, the network automatically scraped CGTN articles, lightly rewrote them, and republished over 2,300 articles, often within less than an hour of the original state media broadcast. Sites like the French-language "Actu Méridien" were weaponized to manipulate public opinion across 89 countries, heavily targeting Western audiences and Francophone African youth. The articles aggressively peddled pro-Beijing narratives, painting China as the undisputed leader of the Global South and green energy transition while explicitly telling Western readers that aligning with Chinese interests would bring them massive benefits. Despite the cutting-edge tech and heavy state funding, the operation was an organic flop. The articles struggled to breach 15,000 views, with nearly 40 percent of its top social media engagement traced back to fake accounts in Burundi whose sole purpose was to artificially inflate the content. While the reach was limited, French authorities warn that the operation exposes Beijing’s rapidly escalating capability to launch fully automated, stealth disinformation campaigns designed to quietly erode Western democratic alignment. #Disinformation #CyberSecurity #France #China #AIPropaganda #Geopolitics #Viginum #NationalSecurity

When you need to double check if its a parody account 😬😬

Ffs When do we collectively just give up on npm?

Cobalt Strike 4.13 has a new Aggressor hook to support BOF cocktails. Here's a quick walkthrough: rastamouse.me/bof-cocktails-…

Good lord 🤮