‘Buffy The Vampire Slayer’ and ‘Ted Lasso’ actor Anthony Head has died at the age of 72.

Time to talk about this one. CopyFail (CVE-2026-31431) — a 732-byte Python script that roots every Linux distro shipped since 2017. 🧵

Sie haben auch erstmals ein AI-generated Video aus den vorher nachher Bildern online gestellt, was das Ausmaß finde ich nochmal deutlicher macht. Die Gletscher Österreichs sind in der Endphase.

It turned out there are many more payloads used in the Notepad attack! To stay undetected, its masterminds were COMPLETELY changing execution chains about every month. Here are more IPs used in the attack: 45.76.155[.]202 45.32.144[.]255 Read below for many other IoCs! [1/8]

Non-malware schizos asking about why the Notepad malware payload was so interesting. Okay, we'll discuss it without getting too schizo. First, Rapid7 (and other various Cyber Threat Intelligence vendors) seem to generally attribute the Notepad compromise to Chinese APT group "Lotus Bloom". They attribute it to Lotus Blossom because they tend to recycle code segments to save time. Basically, fingerprints. Lotus Blossom is the invented name intelligence organizations have assigned to a group of Chinese government sponsored hackers. Their true identity is unknown, but speculative. It is not one person, it is likely a group of unknown size, it could two people, it could 15 people. Lotus Blossom has been active since 2009 (or so they speculate). Lotus Blossom are not noobs who do hacker noob stuff. Lotus Blossom is assigned high-profile tasks. Lotus Blossom does extremely specific targets, most notably they are instructed by the Chinese government to hack government institutions, telecom companies, aviation companies, and critical infrastructure (nuclear power plants, electrical power grids, hydroelectric dams, etc) in Southeast Asia and Central America. When Lotus Blossom targeted Notepad , and users in specific regions (presumably Southeast Asia and Central America) attempted to do an update it delivered "Chrysalis Backdoor". Chrysalis Backdoor is the name intelligence companies invented and now call this malware. Chrysalis Backdoor used a lot of really common malware techniques which truthfully I won't go too much into (API hashing, custom implementations of GetProcAddress, malware nerd stuff). However, what makes this malware very special is it's usage of Microsoft Warbird. Microsoft Warbird is a proprietary technology which is rarely discussed. It is an internal library Microsoft uses to obfuscate it's instruction set in-memory. In other words, it's Microsoft really fancy custom way of preventing people from reverse engineering what Windows is doing when it's running. Unknown to me personally (and a lot of people apparently), in the past few years (2023) some security researchers have discovered ways to discretely use Microsoft Warbird and use it as a weapon. Basically, you can use undocumented APIs in Windows to use Warbird for your malware. This provides a way to hide what your malicious code is doing while it's running without needing any external tooling or custom implementations. They're weaponizing Microsoft's anti-tampering and/or anti-reverse engineering technology for malicious purposes. This is extremely impressive because it shows: 1. Lotus Blossom pays close attention to really talented security researchers or... 2. Lotus Blossom has really good security researchers on payroll Both are totally possible. The remainder of the Lotus Blossom tooling is fairly generic malware stuff and isn't too terribly impressive. Lotus Blossom (unironically) did a very good job hijacking Notepad update infrastructure and weaponizing Microsoft's anti-tampering technology (Warbird).

This is bad. Putty level bad. notepad-plus-plus.org/news/h…

Ambitioniert, liebe Post, ambitioniert.

you have got to be kidding me.

Might need some help from @WorldBollard.

Nicht der Bohne aussetzen?

When asking coding questions

#JUnit 6.0.0 is released! ✨ Java 17 and Kotlin 2.2 baseline 🌄 JSpecify nullability annotations 🛫 Integrated JFR support 🚟 Kotlin suspend function support 🛑 Support for cancelling test execution 🧹 Removal of deprecated APIs docs.junit.org/6.0.0/release…

Using URLs from the browser history for AI prompt injection is creative, I have to admit. 😬🫠

Ouch. Tokens with unrestricted access without any audit logs. What could possibly go wrong?

👀 @KlagenfurtStadt

Ach, wie ärgerlich

Autofahrer zu blöd für Reißverschluss: Jetzt kommt das Klettverschluss-Verfahren der-postillon.com/2017/08/kl…

I cannot stress enough there are four different ads in this screenshot

Unabhängig davon, was wessen Magen verträgt, ist das ein sehr lesenswerte Artikel.

Went through similar fun. This is entire process is uuuuuuh ..... "suboptimal".