Verifying myself: I am locknload on Keybase.io. L90CEo2bVrTjhv1CvMgCCa9-EyiFEAjAV1By / keybase.io/locknload/sigs/L9…

- XZ utils backdoor: found by guy debugging 200ms latency - LiteLLM hack: found by guy debugging oom issue These could have been the most impactful compromises ever. Forget security vendors, weaponize your engineers’ autism.

Yeah, so basically it turns out Meta has been heavily lobbying online age verification laws. They've lobbied over $2,000,000,000 to politicians in form of grants and donations. x.com/bee_fumo/status/203246…

If you use a personal phone/laptop for your work, pay very close attention to this little detail. Iran attackers wipe 200k devices at a company called Stryker. Within those devices appears to be employees PERSONAL devices. The attackers used the company’s MDM software, which is basically IT management software running on everything. It’s an incredibly attractive backdoor to an attacker. I successfully targeted MDM software for several Red Team engagements. It’s… lots of fun :) Anyway, a lot of companies require you to install their MDM software on your personal devices before you can access resources like Corp email. It’s used to keep devices updated, lock things down if they get stolen, etc. The company often promises that they won’t access personal data, erase any personal data, etc. But this is often ONLY POLICY. If a bad actor gains access to the MDM tool, as was the case here, then anything can happen. People should be aware of these risks. I refused to run MDM software on any of my personal devices. The company needs to provide me with hardware if they want that. I personally isolate all corp devices to their own network too. If an adversary can get into the corp laptop, then can then get inside my network… there have been cases of it happening in the past.

BREAKING: powerful iPhone hacking tools used by Chinese criminals originated from US defense giant L3 Harris. The $LHX zero-click exploits went to Russian spies too. Unbelievable harm to our collective security. Scoop by @lorenzofb, here's why this matters 1/

God's eye view 24-hour replay of Operation Epic Fury. The Iran strikes kicked off and I set an AI agent swarm loose to record every OSINT signal I could find before the caches cleared. Built a full 4D reconstruction in WorldView. I can scrub through minute by minute and watch the whole thing unfold on a 3D globe: > Airspace clearing over Tehran > Ground strike coordinates locking in > Severe GPS interference blinding the region > EO and SAR satellites making passes over the strike zone > No-fly zones locking down 9 countries > Shipping fleets scrambling at the Strait of Hormuz It's pretty amazing how complete of a picture you can build without "proprietary data fusion" -- one dev with public signals and a love for computer graphics and geospatial intelligence. Thank you for all the love on my last post. Dropping WorldView in April. This my friends is just the beginning.

Think your guest Wi-Fi is isolated from your main network? Think again. AirSnitch (NDSS'26) breaks client isolation on every router tested: from home APs to enterprise WPA2/3-Enterprise. Full MitM in seconds, sometimes leaking WPA2 traffic in plaintext. Technique breakdown & tool usage: 🔗 community.penthertz.com/t/ai…

The general counsel of Paragon, uploaded a picture on Linkedin today showing the Paragon spyware control panel. The panel shows a phone number in Czechia, Apps, Accounts, media on the phone, the interception status and numbers extracted from various apps.

Yeah, so pretty much, like, there is this really sketchy company in Israel named "Paragon". Paragon sells a "product" called GRAPHITE. Let me explain the background and why this is very silly. GRAPHITE spyware which allows "customers" to remotely access peoples cell phones and monitor their instant messaging applications such as WhatsApp It is spyware. It is sometimes called Mercenary Spyware because it is primarily used by governments to spy on political enemies, journalists, and activists. Very little is known about Paragon, GRAPHITE, and their "customers". However, it was publicly noted by the Trump administration in January, 2025, to be purchased by the United States government and to be used to aid ICE. Furthermore, in September 2025 the Trump administration noted the usage of Graphite to aid the United States against "domestic terrorist organizations" such as "ANTIFA". ICE acting director Todd Lyons noted using GRAPHITE to monitor anti-ICE protestors to track "ringleaders and professional agitators". Citizen Lab and other civil rights organizations have documented the usage of GRAPHITE against individuals in Australia, Canada, Cyprus, Denmark, Israel, Singapore and (unsurprisingly) the United States. It is believed the Canadian government actively uses GRAPHITE in Ontario. Okay, so why does all of this matter? Yeah, it's super fucked up. But today representatives from Paragon accidentally leaked GRAPHITE screenshots ... ON LINKEDIN. Dawg, that image in the background IS GOVERNMENT FUCKING SPYWARE It shows phone numbers in Czechia, apps, accounts, media on the phone, "interception status", and phone numbers extracted. THEY LEAKED IT BY ACCIDENT ON LINKEDIN WHILE TAKING SELFIES

If your Mayor doesn't do this. You need a new Mayor

Back when creativity was alive. Now sadly, all the phones looks same 😔

Another standout in our Hacking Humble Bundle! If you want crypto intuition without hand-waving, this book delivers: AES-GCM internals, elliptic curves, TLS, GHASH, and more. Grab it in our bundle along with 17 other DRM-free hacking titles: humblebundle.com/books/hacki…

"Self Protection Jammer Systems" , a new book on jamming of radar-guided systems, radar warning receiver systems, and self-protection jammers, written by a retired Turkish EW colonel. Added to my list of studies on the jamming topic.

The first text message in history was sent 33 years ago today. It read, “Merry Christmas.”

📶

🥷🤑

We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/germany…

📶

Bitwarden wouldn't do this.

remember kids, xml is the ugly cousin who picks his nose at family events. always ensure you treat it accordingly

"This show knows how to grab a viewer… this jaw-dropping tale is like The Wire, cleverly built around the messages. It’s hugely revealing” The Guardian.