NEW: malware developers added nuclear & biological weapons text to to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit. We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted. In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me socket.dev/blog/mini-shai-hu…

說大人，則藐之，勿視其巍巍然

joshua.hu/magic-switch-easil… joshua.hu/magic-switch-easil…

“You picked Johnny Cash’s picture. You did not pick his message. Try listening to the words.” @HunterBiden putting on a master class

Do I look like I’m a part of the elite oligarch class. This was taken at a super 8 motel off I95 by the way.

Sigh....

raising a seed round in 2030 like

yet another website with the "security" of hiding the email address that you *just typed in* when registering an account. this is what happens when security teams don't understand how people use their product.

Rsync developer started using claude :)

I found that sharing a Magic Touchpad and Magic Keyboard between two MacOS systems sucked. So I made Magic Switch: github.com/MegaManSec/magic-…

Has anybody used AI to find vulnerabilities (heresies) in TempleOS yet?

I gotta get one of those gobo projectors one day Or a sunset lamp

Sloppin'

curl -v "http://TARGET/$(python3 -c "print(' '*500, end='')")" nice test for CVE-2026-9256 aka nginx-poolslip

Logged on RuneScape for the first time in a while. Map looks a little different.