Joined October 2014
Pinned Tweet
27 Dec 2022
Hey 👋 I am glad to introduce my latest tool: the @flipper_net Animation Manager This tool aims to facilitate visualization and management of animations on your Flipper from your computer, for both users and content creators! You can download it here⬇️ github.com/Ooggle/FlipperAni…
Ooggle retweeted
Thank you for everything, rest in peace….
Ooggle retweeted
"Dad, what was it like playing CTFs before AI?"
Ooggle retweeted
the same technique giving cheaters wallhacks in Valorant is the same one being used in malware to pwn you. Still working no patch, undetected from AV's and AC's. I pulled the source from a cheating forum, built it, and ran it on my fully patched Windows 11 machine. it reads memory straight out of another running program without needing admin, without loading a driver, without calling any API that your EDR monitors. it just uses two normal Windows functions that have existed since the 90s, SetWindowsHookEx and SendMessage. I reversed the root cause in Ghidra. two functions that ship in every copy of Windows ntdll.dll and shell32.dll will blindly execute whatever function pointer you hand them through a window message. Microsoft's own exploit protection CFG signs off on it because they're legitimate functions. no CVE. no patch. 279 stars on GitHub. Microsoft won't fix it because they consider same-privilege process interaction "by design." Chinese researchers found the same technique in live malware back in 2023.
Ooggle retweeted
Google paid us $57,000 for two bugs in Chrome. We’re not doing this for the bounty, but it’s always fun to get rewarded. These bugs were found using nothing fancier than a $20/month AI subscription. If you’re curious, come check out our talk at the Real World AI Security Conference at Stanford: seclab.stanford.edu/RealWorl… We haven’t published the Chrome bugs in our MAD Bugs series. They work better as part of something even more fun, stay tuned!
The Legend of Zelda: The Minish Cap (2004) It's been recompiled and ported to PC! With all the modern bells and whistles you'd expect! Gameplay improvements, improved framerate beyond the original 30FPS hard limit, controls and an expanded inventory system which was limited in the original GBA! You can play it on PC and handhelds like the Steam Deck! This is amazing, and Twilight Princess is just around the corner! ENJOY!
You can play the minish cap PC port right now! youtu.be/ZJRzqSttRcw
Ooggle retweeted
Biggest L take I have seen in a while. If they knew how cracked @gf_256 and team is they would know how embarrassing this take is.
Remember the security firm that Ubuntu hired to audit the (ill-advised, highly buggy) Rust-rewrites of all of the GNU Coreutils? Turns out that security firm is run by @gf_256, who: - Appears to be a man who thinks he's a woman ("trans"). - Uses an anime cartoon of a girl as his avatar. - Appears to have an OnlyFans page. I repeat: Ubuntu hired a "Trans" man, with an anime girl avatar and an OnlyFans page... to audit Rust code. It's hard to get more on-the-nose than that.
Ooggle retweeted
Mind blown 🤯 Some smartphones sold in mainland China (like certain OPPO models) can read MIFARE Classic cards, crack the keys in seconds, store them, and then fully emulate the card directly on the phone. No extra hardware. Just the phone. Access control, transit cards, hotel keys… game over. Huge thanks to Ian for showing me this in person. Really eye-opening how far NFC capabilities have gone in some regions. Who else has seen this in the wild? #NFC #MIFARE #TechSecurity #oppo
Ooggle retweeted
Patch your Linux boxes! Copy.Fail is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. Found by the teams at @theori_io and @xint_official More details below xint.io/blog/copy-fail-linux…
Ooggle retweeted
Every JWT writeup online covers 2–3 attacks and stops. I got tired of jumping between 40 blog posts, so I wrote the whole thing. All in one place. rmrf.tips/en #infosec #appsec #bugbounty #websec #jwt
Ooggle retweeted
Windows defender has been compromised. right now there is a public unpatched exploit that gives any app on your windows PC full system admin access. no password. no popup. nothing. your antivirus doesn't stop it. your antivirus IS the exploit. windows defender is the attack vector. ransomware gangs can use this to encrypt your entire machine and steal every saved password, browser session, and discord token you have. fully patched windows 11. real time protection on. thread
Ooggle retweeted
Just put your vbscript inside of html and put that inside of an mp3 in the middle of some frame data and mshta will just... Fucking execute it?!?!
Replying to @h4x0r_dz
oh shit "1-9-18[dot]com" Registered On 2026-04-11 🤣
Ooggle retweeted
RCE in Ghidra: My fav bugs target security tools. In CVE-2026-4946, you can embed these into your binary, analyst loads binary, Ghidra auto-generates the comments, analyst clicks on it, command executes. Write-up: takeonme.org/cves/cve-2026-4…
Ooggle retweeted
this guy literally called this 11 days ago and this was thariq's response lol
Mar 26
To manage growing demand for Claude we're adjusting our 5 hour session limits for free/Pro/Max subs during peak hours. Your weekly limits remain unchanged. During weekdays between 5am–11am PT / 1pm–7pm GMT, you'll move through your 5-hour session limits faster than before.
Ooggle retweeted
Option A: Upgrade iPhone to iOS26 and have to use liquid glass Option B: Get pwned by DarkSword malware I don't know which one is worse
Ooggle retweeted
Creating cybersecurity report templates shouldn’t be painful. That’s why we built our own template editor, designed from the ground up for security teams. Also thought out for designing your slide deck for client briefings 👌 Easier, faster, smarter. 👾
Ooggle retweeted
> be nerds
> look into persona (used by discord)
> kyc (know your customer) service
> used for age verification
> search on internet (shodan)
> find weird server
> image 1
> openai-watchlistdb.withpersona
> openai-watchlistdb-testing.withpersona
> lolwtf
> look inside
> supposed to be behind cloudflare to hide ip
> openai messed up
> not behind cloudflare
> real ip shown
> using google cloud
> lookup cert history
> 2023-11-16 created
> 2024-02-28 gets cert
> 2024-03-04 prod goes live
> google stuff
> openai and persona partners
> partner around timeline of certs
> back to searching stuff
> find withpersona-gov
> look inside
> okta (image 2)
> lolwtf
> look inside
> website accidentally leaking stuff
> fedramp-private-backend-api
> look inside
> api .js accidentally exposed
> look inside
> wtf "SARInstructionsCard"
> wtf "app.onyx.withpersona-gov"
> wtf "FINTRAC"
> wtf "PrivatePartnershipProjectNameCodes"
> image 3
> wtf "AsyncSelfie"
> look inside
> openai, persona, send data to us gov
> feds map face to financial records
> map face using AI
> map face to ICE stuff
> api stores data for lots of stuff
> image 4
tl;dr persona kyc and openai are frens, using your selfie for verification and sending to ICE (or USGOV in general), using AI to tie to your financial records. see subsequent post for full write-up. it's long and not mobile friendly
Ooggle retweeted
Pwndbg 2026.02.18 is out! We visualize branches in nearpc, sync ur decompiler (IDA/Binja/Ghidra) via decomp2dbg, annotate stack vars from dbgsyms/decomp, added new cmds for tracing kernel allocs/frees, dump task info: github.com/pwndbg/pwndbg/rel… Sponsor us: github.com/sponsors/pwndbg/