Tor operator, privacy advocate, security geek. Also: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H H*

Joined May 2011
Infosec @ random retweeted
PSA: If you used Claude Fable-5 today with memory turned on you just violated all your NDAs. Anthropic requires a 30 day retention policy including human review, and the memory feature (on by default) searches past chats for context, so sensitive historical chats get pulled in.
62
160
2,470
309,874
Infosec @ random retweeted
Signal is 100% right. The greatest trick governments ever pulled was convincing people that freedom and privacy are obstacles to safety. What we are witnessing is not child protection. It is the construction of a surveillance architecture that will eventually monitor, profile, categorize and control every aspect of our digital lives.

Today it is age verification and content scanning, tomorrow it is digital identity, then financial monitoring, then behavioural scoring, then access to services conditioned on compliance. The destination is not difficult to see. It is a technocratic system where every interaction is tracked, every transaction recorded, every opinion assessed and every citizen reduced to a data profile managed by governments and corporations working hand in hand. A form of digital neo feudalism where a small unelected class controls the platforms, the infrastructure, the money and ultimately the boundaries of acceptable behaviour.

The argument that only criminals should fear surveillance is as absurd as saying only criminals need freedom of speech. Privacy is not evidence of wrongdoing, it is the foundation of human dignity, individual sovereignty and genuine liberty. The UK government is asking citizens to accept the presumption of guilt simply to communicate online. To prove who they are, verify their age and allow their devices to inspect their content before they can participate in modern society.

History teaches us that every power granted to the state eventually expands beyond its initial mandate. The technology introduced to detect one form of content today will be used to police entirely different forms of expression tomorrow. The choice before us is not between privacy and child protection, it is between preserving a free society, or constructing the infrastructure of a digital prison that will further enslave us.
119
1,978
5,291
90,925
Infosec @ random retweeted
May 28
List of resources for getting started with IoT/embedded devices vulnerability research (@IamAlch3mist) github.com/IamAlch3mist/Awes… #infosec
2
41
151
6,054
Infosec @ random retweeted
If you're wondering how I get those colorized ping outputs. I use grc (Generic Colourizer). It works with so many tools straight out of the box (df, lsblk, free, ps and more).

You can quickly install it with your package manager, for example:

    $ sudo dnf install grc

Add these lines to your ~/.bashrc file if you use Bash:

    GRC_ALIASES=true
    [[ -s "/etc/profile.d/grc.sh" ]] && source /etc/profile.d/grc.sh

Then reload your shell:

    $ source ~/.bashrc

For Zsh, add this to your ~/.zshrc:

    [[ -s "/etc/grc.zsh" ]] && source /etc/grc.zsh

Then reload:

    $ source ~/.zshrc

For other shells, you'll have to look up their manuals.

Quick Networking tip: You can actually drop zeros in an IP address and it still works.

For example:
10.20.0.2 → 10.20.2
10.0.0.68 → 10.68

Both reach the same host. It’s one of those neat little IP quirks I use in labs, saves me a few keystrokes every time 😅
5
132
923
73,939
Also: SystemD sucks
🚨 NEWS: @comma_ai Ditches systemd for 250-Line Bash Init — Doubles comma 4 Boot Speed! @comma_ai announced today that the next release of its comma 4 driver assistance hardware will boot twice as fast by replacing the full systemd init system with a custom, ultra-light 250-line Bash script. “Who needs systemd?” posted @comma_ai, emphasizing the lean, purpose-built approach tailored specifically for their Qualcomm platform. A clean win for minimalism and performance in embedded automotive systems. ⚡ x.com/i/status/2052155066581…
24
Infosec @ random retweeted
13 Nov 2025
Just a month later and... 🇪🇺 ChatControl is back!

Now they're trying to pass an even more far-reaching ChatControl law through the back door, in a form even more intrusive than the originally rejected plan, without needing any of the EU countries' votes

The new proposal:
- total mandatory surveillance of ALL text chats, emails and social media in the EU
- obligatory registration of your ID/passport to your chat, email or social media account
- minimum age requirement for chat, email and social media apps of 16 (!)

The only way to stop this law is if EU countries veto it

Read more here by @echo_pbreyer: patrick-breyer.de/en/chat-co…
7 Oct 2025
Freedom won today! 🚫 No ChatControl in EU Now keep this snooping on people's private messages off the 🇪🇺 EU's agenda forever please
528
4,135
14,951
1,852,473
Infosec @ random retweeted
Read our latest crazy story on the spy who was so successful at pretending he's someone else that the GRU "killed off" his real persona and stranded him with the fake one. Once a fake environmental expert, now he's part of the Russia disinformation machine theins.ru/en/inv/286477
10
375
1,149
179,214
Infosec @ random retweeted
6 Oct 2025
💥 Wiz Research has uncovered a critical Redis vulnerability that's been hiding for 13 years

We found RediShell (CVE-2025-49844): an RCE bug in Redis that affects every version of Redis out there. It's rated CVSS 10 - the highest severity possible.

The vulnerability lets attackers send a malicious Lua script, escape the sandbox, and execute code on the host.

About 330,000 Redis instances are exposed to the internet right now. 60,000 have no authentication. Over 75% of cloud environments are running Redis.

Redis released a patch this weekend and we responsibly disclosed everything upon discovery. Huge thanks to the Redis team for their fast response and collaboration ❤️

If you're running Redis: update immediately.

Our blog has the full technical breakdown and security recommendations >> wiz.io/blog/wiz-research-red…
7
169
517
122,556
Infosec @ random retweeted
8 Sep 2025
Until now, if you lost or broke your phone, your Signal message history was *gone,* a real challenge for everyone whose most important conversations happen in Signal. So, with careful design and development, we’re rolling out opt-in secure backups. signal.org/blog/introducing-…

Secure backups will let you save an archive of your Signal messages remotely in privacy-preserving form, refreshed every day. Now available in the latest Android beta release, rolling out to iOS and Desktop in the near future.

134
315
2,105
410,531
Infosec @ random retweeted
TIL that some ipcams that can be found on shodan allow scanning for wifi access points without authentication ....
8
6
56
10,464
Infosec @ random retweeted
I've discovered via code review: 2 zero-click RCE logic bugs in Linux kernel Bluetooth & userspace (late 2024). Exploitable to register rogue HID w/o auth. One allows bonding w/o confirmation, bypassing CVE-2023-45866 @marcnewlin patch. Details: ubuntu.com/security/CVE-2024…
4
36
151
10,994
Infosec @ random retweeted
22 Jun 2025
Run a Linux virtual machine in your browser, no server needed
58
709
6,354
445,548
Infosec @ random retweeted
18 Apr 2025
🧵 THREAD: A federal whistleblower just dropped one of the most disturbing cybersecurity disclosures I’ve ever read.

He's saying DOGE came in, data went out, and Russians started attempting logins with new valid DOGE passwords

Media's coverage wasn't detailed enough so I dug into his testimony:
2,131
28,160
91,312
9,908,140
Infosec @ random retweeted
21 Mar 2025
T3S3 adds LoRa Voice Communication Kit lilygo.cc/products/t3-s3-mvs…
26
67
595
27,718
The ESP32 “backdoor” mentioned in the article from Bleepingcomputer is another Nothingburger. Rob is correct.
It's not a "backdoor". It's just low-level access to the device.
129
Infosec @ random retweeted
15 Feb 2025
Microsoft just released an impressive tool

OmniParser V2 can turn any LLM into an agent capable of using a computer 🔥

You can enable GPT-4o, DeepSeek R1, Sonnet 3.5, Qwen... to understand what's on your screen and take actions.

100% free & open source

96
647
4,084
459,914