David Papp


And it gets even better… you cannot invent this
Delve didn’t do basic security config on Supabase it seems while advertising with it 😱
Cristina Cordova @cjc
Just drove by a perfectly timed out-of-home campaign

Chef's kiss.
Delve issues “vibe compliance” rubber-stamp SOC and other certifications, while leaving their own door wide open with sensitive documents unsecured… for who knows how long. Security 101
A cautionary tale of a compliance startup faking everything, and almost making it

James Zhou @jameszhou02
btw their supabase storage bucket is publicly accessible via any signed url token 😭 exposes:
- employee background checks
- equity vesting schedules and grant amounts
- performance reviews
- session tokens for stripe, notion, etc
- screenshots below 🧵
i also got access to their notion 😛

eBPF-based process jailing system that provides mandatory access control (MAC) for Linux
github.com/gen0sec/jailer

@blueteamsec1 We made an implementation you can try. github.com/gen0sec/jailer

We are working on an SELinux alternative.
The original idea comes from Meta; we made our implementation.
It's still in development, but you're welcome to try it.
github.com/gen0sec/bpfjai…
#cybersecurity #jail #ebpf #bpf #linux #kernel
David Papp retweeted

Ubisoft may be in serious trouble. All upcoming Ubisoft games could be leaked very soon if recent reports are true: 🤯
🟢 Hackers have allegedly exfiltrated the source code for all Ubisoft products from the 1990s to the present day, including games, Uplay, and more.
🟢 For 48 hours, the attackers reportedly had access to over 900 GB of data. The victims are said to be Ubisoft and Crytek.
🟢 If Ubisoft does not pay the ransom, and it is confirmed that the data was successfully extracted, it is expected that the production and development materials for all upcoming Ubisoft titles and remakes currently in development will be leaked.
🟢 The hack was allegedly carried out via MongoDB, using a security exploit now known as “MongoBleed.”

David Papp retweeted

BREAKING: MongoDB Introduces Surprise Holiday Feature
FOR IMMEDIATE RELEASE
PALO ALTO, CA — MongoDB is thrilled to announce MongoBleed™, an innovative new feature that proactively shares your database contents with the broader internet community.
"For years, customers asked us: 'How can we make our sensitive data more accessible?'" said a spokesperson we definitely didn't make up. "MongoBleed answers that call. No authentication required. No consent needed. Just pure, frictionless data liberation."
Key Features:
- Zero-Click Sharing: Your passwords share themselves!
- Decade of Trust: We've been quietly beta-testing this since 2015
- Holiday Launch: Because nothing says "Merry Christmas" like your production secrets on GitHub
- Elastic Integration: Built by someone who definitely understood the assignment
Customer Testimonial:
"I was enjoying Christmas dinner when I got paged. My database was sharing our user credentials with the world. It really brought the family together—around my laptop, watching me cry." — Definitely a real IT admin
What's Next?
We're excited to announce our 2026 roadmap includes:
- Automatic password broadcasting to Shodan
- AI-powered secret harvesting (we're pivoting to AI!)
- A Slack integration that just posts your .env files directly to #general
About MongoDB:
MongoDB is the database that believes data wants to be free. Very, very free.
doublepulsar.com/merry-christma…

David Papp retweeted

Last quarter I rolled out Microsoft Copilot to 4,000 employees.
$30 per seat per month.
$1.4 million annually.
I called it "digital transformation."
The board loved that phrase.
They approved it in eleven minutes.
No one asked what it would actually do.
Including me.
I told everyone it would "10x productivity."
That's not a real number.
But it sounds like one.
HR asked how we'd measure the 10x.
I said we'd "leverage analytics dashboards."
They stopped asking.
Three months later I checked the usage reports.
47 people had opened it.
12 had used it more than once.
One of them was me.
I used it to summarize an email I could have read in 30 seconds.
It took 45 seconds.
Plus the time it took to fix the hallucinations.
But I called it a "pilot success."
Success means the pilot didn't visibly fail.
The CFO asked about ROI.
I showed him a graph.
The graph went up and to the right.
It measured "AI enablement."
I made that metric up.
He nodded approvingly.
We're "AI-enabled" now.
I don't know what that means.
But it's in our investor deck.
A senior developer asked why we didn't use Claude or ChatGPT.
I said we needed "enterprise-grade security."
He asked what that meant.
I said "compliance."
He asked which compliance.
I said "all of them."
He looked skeptical.
I scheduled him for a "career development conversation."
He stopped asking questions.
Microsoft sent a case study team.
They wanted to feature us as a success story.
I told them we "saved 40,000 hours."
I calculated that number by multiplying employees by a number I made up.
They didn't verify it.
They never do.
Now we're on Microsoft's website.
"Global enterprise achieves 40,000 hours of productivity gains with Copilot."
The CEO shared it on LinkedIn.
He got 3,000 likes.
He's never used Copilot.
None of the executives have.
We have an exemption.
"Strategic focus requires minimal digital distraction."
I wrote that policy.
The licenses renew next month.
I'm requesting an expansion.
5,000 more seats.
We haven't used the first 4,000.
But this time we'll "drive adoption."
Adoption means mandatory training.
Training means a 45-minute webinar no one watches.
But completion will be tracked.
Completion is a metric.
Metrics go in dashboards.
Dashboards go in board presentations.
Board presentations get me promoted.
I'll be SVP by Q3.
I still don't know what Copilot does.
But I know what it's for.
It's for showing we're "investing in AI."
Investment means spending.
Spending means commitment.
Commitment means we're serious about the future.
The future is whatever I say it is.
As long as the graph goes up and to the right.
David Papp retweeted

There is a critical vulnerability in React Server Components, disclosed as CVE-2025-55182, that impacts React 19 and frameworks that use it.
A fix has been published in React versions 19.0.1, 19.1.2, and 19.2.1. We recommend upgrading immediately.
react.dev/blog/2025/12/0…

@s_chiriac XDR with eBPF-powered firewall and proxy. github.com/gen0sec/synapse

@MaziyarPanahi @AnthropicAI @Google @OVHcloud If you are using fail2ban, you can easily automate this issue. If you have multiple servers, our platform can handle it.

Our local GitLab server has been under attack by @AnthropicAI, @Google, @OVHcloud and more!
These companies have been hammering our GitLab server, trying to scrape every Haskell commit we made in our lab, resulting in the whole server becoming unresponsive!
This is only today!


We released our @kubernetesio operator! Now, our security agent, Moat by @arxignis, is simple and easy to install.
#arxignis #kubernetes #moat #firewall #ebpf
github.com/arxignis/moat
github.com/arxignis/helm-…

@brankopetric00 And you can also collect lots of information, like the TCP fingerprint and SSL fingerprint.
Try Moat! github.com/arxignis/moat

NLB (Network Load Balancer) pricing is structurally cheaper for high-throughput, low-payload TCP traffic.
NLB is based on Connection Hours and $0.006/LCU. ALB is based on LCU and Processed Bytes ($0.008/LCU, $0.008/GB).
Low-volume L7 traffic (HTTP/S) is cheaper on ALB; high-volume, low-payload L4 (TCP) traffic is cheaper on NLB.
For applications where data processing is negligible, NLB is structurally cheaper due to lower LCU rates and the absence of a processed byte component.

@dreszer The salary of that 20-person team would cost more than the profit it would bring in.

Seriously, when will we get to Hungarian? Think about how ridiculous it is that one of the world's largest companies, two years after ChatGPT (which they have partnered with), is not capable of hiring a 10-20 person team in every country to ship and support this. A joke.
Apple Hub @theapplehub
6. Apple Intelligence - more supported languages

Happy Monday, everyone! New day, new integration
@arxignis, with @datadoghq, is a powerful solution.
@datadoghq actions and workflows are a great way to create a trigger for Arxignis Signal and block an IP with eBPF.


David Papp retweeted

RIP, my PlayStation exploit died.
gist.github.com/TheOfficialFlo…
Works up to PS4 13.00 and PS5 12.00. Patched on PS4 13.02 and PS5 12.02.

@brankopetric00 Traefik and Nginx are also great solutions. However, SSL certificate handling is not too good. Use Moat with any web server. github.com/arxignis/moat

We were choosing a K8s Ingress Controller. Nginx vs. Traefik.
Nginx:
- Pros: We all knew Nginx. Battle-tested. Performant.
- Cons: Config is complex. Adding a new route meant editing a ConfigMap and reloading.
Traefik:
- Pros: Uses K8s CRDs. Adding a new IngressRoute is a simple YAML apply. Auto-discovers services.
- Cons: Newer, less familiar to the team.
We chose Traefik.
The developer experience of just creating a CRD (`IngressRoute`) in their Helm chart was the killer feature. It fit the 'K8s native' way of working.