🔐 LUKSbox v0.3.0 is here! 🎉 Your FIDO2 security key now works EVERYWHERE 🌍 (@Yubico YubiKeys, @nitrokey, @SoloKeysSec, @Google Titan, and more) Enroll it once, unlock the same encrypted vault on 🐧 Linux, 🍎 macOS AND 🪟 Windows. No more platform-locked keyslots. Free & open source (Apache 2.0) 🦀

Kimi K2.7 on Hermes Agent (via @AskVenice ) is impressive.

يستخدم تنظيم القاعدة في جزيرة العرب مؤسسة يقين المناصرة له كأداة لتنفيذ عمليات التجنيد الرقمي،خصوصا تجاه المقيمين في الدول الغربية وذلك عبر طريقتين الأولى من خلال حسابات ظل تقوم بالتواصل مع المنضمون حديثا داخل المجموعات المغلقة التابعة للمؤسسة علي ،سيجنال وواتساب وروكيت شات 3/1👇

NEW: malware developers added nuclear & biological weapons text to to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit. We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted. In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me socket.dev/blog/mini-shai-hu…

Don't Fear the Repo: UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency Proofpoint Threat Research "North Korea-aligned threat actors have made a concerted effort not only to target cryptocurrency and decentralized finance organizations, but specifically to target developers using fake recruiter personas..." proofpoint.com/us/blog/threa… @proofpoint

RTL-SDR Now Runs on iPad M-Series Devices Directly via USB Without Jailbreak rtl-sdr.com/rtl-sdr-now-runs…

I love seeing this kind of surveillance-disrupting experimentation. github.com/Meltedd/scarecrow

One hour until we go live! See you there 👇

It's finally happening! SEAL Certifications are now open for business. 🎉

I do believe I've warned y'all for years about this exact thing.

Using AI to fix random Linux hiccups I run into….is probably the best use case for AI so far. That alone has saved me days and days of time.

Someone found a way to see inside the X phishing panel I shared earlier. Indeed confirms what I thought the capabilities and impact are. Interesting to see how they leverage the OAuth token via the panel directly for controlling the accounts. Thanks for the ping.

Worth noting that the junta reportedly told the US that scam centers near the border would be dismantled before june

Looks like a threat actor under the name BlackTigerAlliance" has released personal information on the executives of Integrity Tech, the Chinese cyber security company accused by the US Treasury department of intrusion into US victims IT infrastructure. 1/2

Chinese-linked actors are targeting edge devices across Southeast Asia, leveraging DoH for C2 communications and large-scale DNS hijacking via iptables. See details: EN: qiita.com/Y4er/items/0b60717… CN: qiita.com/Y4er/items/549cfca…

Greg Maxwell used to send us updated lists of malicious spy nodes that Bitcoin peers should ban. I reached out to him asking for the latest list, and this was his reply:

I have a gripe about @X that I wish @nikitabier could fix, but may be impossible. Recently, RuView went viral. You probably remember it - the Github project that allows you to see through walls with WiFi. It was all over my "For You" and big accounts posted about it. But....Do you recall anyone actually deploying the project? Plenty of folks posted about it...but very few actually posted about using it. Let's look at that briefly. These are the people actually putting in the work and getting near-zero traction. x.com/VladislavGqrxq/status/… - 9 followers, 50 views on his post. x.com/ozansozuoz/status/2058… - 7 followers, 343 views of his reply (to a post with 125k views) After seeing one hype post about the project, I'm more interested in whether it works. But I had to go to @grok to find these posts (thanks bud). Am I doing something wrong, or can @X find a way to surface simple, low-view high-impact posts related to content that gets substantial views?

Organized crime is evolving into a global, tech-enabled threat. From cyber scams to drug trafficking, criminals are expanding their reach & causing real harm. A new UNODC research brief examines how these groups operate and profit: ow.ly/72fe50Z3JoG

1) Avoid KYC 2) Use a commercial mailbox provider (such as UPS Store) for crypto-related shipping 3) Have a plan.

Cyber warfare is not independent from cyber crime. “Authorities are also investigating whether foreign syndicates were involved in a recent cyberattack on the Sri Lankan treasury that resulted in around $2.5 million in losses.”