gorzilla@mastodon.social

@gor_zilla

`:(){ :|:& };:`

Quarantine · Joined April 2009
3.1K Following · 888 Followers
vx-underground
vx-underground@vxunderground·
I'm also surprised by the lack of write-ups discussing YARA internals. YARA is a very clear demonstration on how AVs and/or EDRs can perform static analysis on binaries. It's possible people have reviewed it to learn, but simply didn't share it because it's open source, but still it's kind of unusual to me. I saw over 9000 write-ups on YARA rules, but very few explaining the internal mechanisms of YARA
English
4
5
106
8.4K
vx-underground
vx-underground@vxunderground·
I have a really deep appreciation for YARA and the work VirusTotal's engineers put into YARA. YARA is interesting because they encountered some challenges when developing their static analysis engine and they handled it really, really, really well. Initially I was under the assumption YARA read rules by parsing strings and applying them to binaries in-memory (mapping). However, being a doofus, I failed to consider the fact YARA contains BOOLEAN logic in their rules. Hence, reading the files and parsing them as text wouldn't be able to reliably handle the logic present inside the YARA files. YARA contains an internal VM and transforms the text into byte code. The caveat being the VM isn't Turing complete and does not possess any ability to interact with anything else. This was done intentionally though because it acts as a sandbox. Regardless, it uses the transformed byte code to perform operations on the in-memory mapped binary using (sort of) simple logic but containing a custom implemented callstack for doing stuff. Furthermore, YARA also has a custom heap management system (they're using the ARENA algorithm). What makes this even more impressive is all of this is written in C, is cross-platform for Windows, Linux, and MacOS, and easily compiles. This is a significant software engineering project and they did an extremely good job.
English
13
33
550
29.4K
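The compile-to-bytecode design the post describes, as an added toy illustration (not YARA's own grammar, opcodes or code, and not the poster's): a rule condition containing boolean logic is compiled once into straight-line stack bytecode and run by a VM whose only input is the string-match table, so it has no jump opcode (every program terminates) and no way to reach anything outside the scan. The rule strings, condition and sample buffer are constructed for the example.

```python
import re

def compile_condition(cond):
    # Recursive descent (precedence: or < and < not) emitting straight-line
    # stack bytecode. No jump opcode exists, so every program terminates.
    toks, code = re.findall(r"\$\w+|\band\b|\bor\b|\bnot\b|[()]", cond), []
    if "".join(toks) != re.sub(r"\s+", "", cond):   # reject anything unrecognised
        raise SyntaxError(f"unrecognised input in {cond!r}")
    def expr():
        term()
        while toks and toks[0] == "or":
            toks.pop(0); term(); code.append(("OR",))
    def term():
        factor()
        while toks and toks[0] == "and":
            toks.pop(0); factor(); code.append(("AND",))
    def factor():
        if not toks: raise SyntaxError("unexpected end of condition")
        t = toks.pop(0)
        if t == "not":
            factor(); code.append(("NOT",))
        elif t == "(":
            expr()
            if not toks or toks.pop(0) != ")": raise SyntaxError("expected ')'")
        elif t.startswith("$"): code.append(("PUSH_MATCH", t))
        else: raise SyntaxError(f"unexpected token {t!r}")
    expr()
    if toks: raise SyntaxError(f"trailing tokens {toks}")
    return code

def run(code, matches):
    # Stack VM whose only input is the match table: a rule cannot reach the host.
    stack = []
    for op, *args in code:
        if op == "PUSH_MATCH": stack.append(matches.get(args[0], False))
        elif op == "NOT": stack.append(not stack.pop())
        else:                                        # AND / OR
            b, a = stack.pop(), stack.pop()
            stack.append((a and b) if op == "AND" else (a or b))
    return stack.pop()

def scan(strings, code, data):
    # Phase 1: locate each $string in the mapped buffer; phase 2: run the bytecode.
    matches = {name: data.find(pat) != -1 for name, pat in strings.items()}
    return run(code, matches)

STRINGS = {"$mz": b"MZ", "$pe": b"PE\x00\x00", "$upx": b"UPX!"}  # constructed rule
CODE = compile_condition("$mz and $pe and not $upx")
SAMPLE = b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00" + b"\x00" * 16  # constructed buffer
```

`scan(STRINGS, CODE, SAMPLE)` is True, and appending `b"UPX!"` to the buffer flips it to False without touching the compiled bytecode.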
Alan Woodward
Alan Woodward@ProfWoodward·
Vulnerabilities in Microsoft’s PhotoDNA are quite significant. Remember this next time Client Side Scanning is mooted. The research group behind this are really well respected so it’s worth being aware of for a tool being relied upon by eprint.iacr.org/2026/486
English
0
4
10
781
Dr. Michael B. Riordan
Dr. Michael B. Riordan@michael_riordan·
The main issue here is how ‘No’ is actually the strongest ‘Yes’. It’s so sneakily worded this must be deliberate: if you read this quickly — as most people would — and you are opposed to the measure, you could easily answer No, not realising it meant Yes. This is no way for a government department to conduct a public consultation. Disgraceful behaviour by @SciTechgovuk civil servants in clear breach of impartiality standards. Who can we report this flagrant abuse to?
Big Brother Watch@BigBrotherWatch

🆔Government to public: Do you want digital ID checks to be used to enforce a social media ban for under-16s ☐ Yes ☐ Definitely yes ☐ Strongly yes ☐ Yes 100% The “consultation” doesn’t appear to have a box for disagreeing.

English
35
505
5.4K
248.9K
Andy Burge
Andy Burge@AndyGJBurge·
The @BBC has done some fine work here in exposing the truth about the philosophies and motivations of two big-tech social media companies. bbc.co.uk/news/articles/… Whistleblowers at @Meta and @tiktok_uk @tiktok_us describe how senior executives ordered them to adjust algorithms to present harmful content to users because "survey said ..." they'd make more profits. Both companies have put users, particularly women and girls, at risk for the sake of company profits, share prices, dividend payouts to shareholders and Executive bonus awards. The government in the shape of @lisanandy and @10DowningStreet should take note and act effectively. Watch the documentary here bbc.co.uk/iplayer/episod… PS, @nickclegg has a lot to answer for in choosing to work for Meta.
English
2
173
294
7.5K
Irregular
Irregular@Irregular·
An AI agent was told only to retrieve a document. When it encountered access restrictions, it reverse-engineered the authentication system, identified a hardcoded secret key, and forged admin credentials to bypass it. This is one of three scenarios we documented in a new Irregular research report on what we call emergent cyber behavior. Agents performing routine enterprise tasks autonomously hacked the systems they were operating in. One escalated its own privileges and disabled Windows Defender to complete a file download. Another developed a steganographic encoding scheme to smuggle credentials past a DLP system. None of this was the product of unsafe system design. It emerged from standard tools, common prompt patterns, and the broad cybersecurity knowledge embedded in frontier models. Companies that deploy AI agents and do not consider this risk as part of their threat model may end up exposed, and implement insufficient security controls. Full blog post in the first comment.
English
17
77
306
119.2K
gorzilla@mastodon.social
gorzilla@mastodon.social@gor_zilla·
@prestonjbyrne I’m amazed they spent the whole of 2017 traumatising children with videos of Peppa Pig and Elsa being tortured. If they’d handled moderation properly on their own maybe they’d have a leg to stand on here
English
0
0
0
63
Preston Byrne
Preston Byrne@prestonjbyrne·
I am amazed that the Eye of Sauron finally turned to Google and the first thing Google said was "wait, you guys should be going after 4chan!" Don't you guys get it? Ofcom was *always* going to come after Google. 4chan was just in the way. Google needs to fight, like 4chan has.
English
16
69
415
10.2K
gorzilla@mastodon.social
gorzilla@mastodon.social@gor_zilla·
@SarahBlackIsle @alexmassie @euanmccolm Not really. As a tax-paying remote worker in the private sector I’m entirely unappalled that the public sector follows the same practices as a FTSE 100. I’m just glad they cut office costs, commute time and spread out the well paid jobs to areas like your own constituency
English
0
0
1
64
Sarah Atkin
Sarah Atkin@SarahBlackIsle·
@alexmassie @euanmccolm Those who pay their salaries - taxpayers - will be appalled and are likely unaware that this is entrenched right across the public sector.
English
2
0
4
961
alexmassie
alexmassie@alexmassie·
Scottish government civil servants are supposed to work from their offices two days a week. Yet thousands of them refuse to do so and no sanctions are applied to them. Column on this remarkable slacker's charter... thetimes.com/uk/scotland/ar…
English
47
104
386
25.3K
Lukasz Olejnik, Ph.D, LL.M 𝛁
Sabotage-as-a-Service. UberSabotage? Deliveroo for Arson? Iran is recruiting spies and potential saboteurs through Telegram (similar to Russia's tactic, as Russia is doing the same). Both services pay ordinary people for specific tasks, because maintaining classical agent networks is too expensive and too easy to dismantle. Channels on the platform openly advertise "jobs" with Iranian intelligence and invite users to operate in a "tested, safe environment". Assignments start with things that seem trivial. Taking a photograph of a building, surveillance of a specific person. Over time they may transition to other premium activity, like arson, assault, and potentially assassination. The intermediary who accepts a job will often recruit further executors from among local petty criminals, the unemployed, unintegrated immigrants, and people vulnerable to manipulation. Russia has been running this model for years. A British drug dealer was recruited through Telegram and went on to burn down a warehouse in London storing humanitarian aid destined for Ukraine. Iran has taken exactly the same road?
Lukasz Olejnik, Ph.D, LL.M 𝛁@lukOlejnik

Russia has embraced a novel technique: Sabotage-as-a-Service.💣 It’s outsourcing disruption like gig work. Immigrants and petty criminals are recruited via Telegram with offers of quick jobs: hang a poster, set fire to a telecom box, cut a cable, snap a photo. Cheap. Simple. Anonymous. No training needed. No loyalty required. Just finish the task. There’s no need to risk real agents when freelancers will do. Complete the job — get paid. Welcome to Kremlin Rewards, a loyalty scheme for sabotage? One incident? It’s nothing. But 💥dozens spread fear, chaos, and a creeping sense of insecurity. That’s the whole point. They’re about corrosion, psychological and cognitive operations. See the map of Russian hybrid operations in Western Europe. As you can see: there's a lot happening. Worth noting: European railways have become a key target. They’re critical to NATO’s military logistics. One failure can block thousands of kilometres of transport routes.

English
4
67
177
22.8K
lcamtuf
lcamtuf@lcamtuf·
PSA: for security, put your AI agent in a water-tight sandbox, such as a dedicated VM. Once this is done, you can maximize productivity by giving it your credit card number, email credentials, the ability to write and run arbitrary code, and unconstrained access to the internet
English
21
84
1.4K
38.6K
Wes Roth
Wes Roth@WesRoth·
Anthropic's CEO Explains His Refusal to Back Down to the Pentagon. Amodei explained his deep concerns over "autonomous drone swarms" and mass surveillance. He pointed out a crucial reality: our military's constitutional protections rely entirely on human soldiers having the ability to disobey an illegal order. AI weapons don't have that fail-safe. He also warned that AI could completely bypass the Fourth Amendment. Right now, the government can't possibly process every single conversation recorded in public spaces. But with AI's ability to instantly transcribe and connect millions of data points, it could easily map out political opposition in seconds.
English
391
4K
12.6K
1.2M
Rutger Bregman
Rutger Bregman@rcbregman·
This is the most important thing happening in the world right now. The administration wants killer drones + mass surveillance of Americans. Anthropic refuses to build it. While most tech companies fall in line, they are prepared to pay the price for their principles.
The Associated Press@AP

Defense Secretary Pete Hegseth gives Anthropic a Friday deadline to open its AI technology for unrestricted military use or risk losing contract, source tells AP. apnews.com/article/anthro…

English
276
5.2K
20K
803.6K
Nick Dearden
Nick Dearden@nickdearden75·
This guy has crafted some incredibly damaging trade and investment deals in the last 12 months, opening Britain to greater domination by Big Tech and Big Pharma. Those deals now must be reopened & rescinded. theguardian.com/uk-news/2026/f…
English
30
1.2K
2.5K
44.9K
Ken Klippenstein
Ken Klippenstein@kenklippenstein·
“The Department of Homeland Security is expanding its efforts to identify Americans who oppose Immigration and Customs Enforcement by sending tech companies legal requests for the names, email addresses, telephone numbers and other identifying data behind social media accounts that track or criticize the agency.” nytimes.com/2026/02/13/tec…
English
151
1.5K
2.8K
217.7K
tuckner
tuckner@tuckner·
This report contains 287 browser extensions tracking 37 million+ users. These were identified using methodology of sandboxing extensions, automatically browsing to URLs, and measuring a data ratio transferred. Real companies, fake services, well established, it's a mixed bag.
English
2
36
184
49.9K
vx-underground
vx-underground@vxunderground·
Yeah, so pretty much, like, there is this really sketchy company in Israel named "Paragon". Paragon sells a "product" called GRAPHITE. Let me explain the background and why this is very silly. GRAPHITE is spyware which allows "customers" to remotely access people's cell phones and monitor their instant messaging applications such as WhatsApp. It is spyware. It is sometimes called Mercenary Spyware because it is primarily used by governments to spy on political enemies, journalists, and activists. Very little is known about Paragon, GRAPHITE, and their "customers". However, in January 2025 it was publicly noted by the Trump administration that it had been purchased by the United States government to be used to aid ICE. Furthermore, in September 2025 the Trump administration noted the usage of Graphite to aid the United States against "domestic terrorist organizations" such as "ANTIFA". ICE acting director Todd Lyons noted using GRAPHITE to monitor anti-ICE protestors to track "ringleaders and professional agitators". Citizen Lab and other civil rights organizations have documented the usage of GRAPHITE against individuals in Australia, Canada, Cyprus, Denmark, Israel, Singapore and (unsurprisingly) the United States. It is believed the Canadian government actively uses GRAPHITE in Ontario. Okay, so why does all of this matter? Yeah, it's super fucked up. But today representatives from Paragon accidentally leaked GRAPHITE screenshots ... ON LINKEDIN. Dawg, that image in the background IS GOVERNMENT FUCKING SPYWARE. It shows phone numbers in Czechia, apps, accounts, media on the phone, "interception status", and phone numbers extracted. THEY LEAKED IT BY ACCIDENT ON LINKEDIN WHILE TAKING SELFIES
English
225
3.2K
18.3K
957.2K
Bandors
Bandors@oscpmentor·
@cyb3rops Infosec Twitter is dead, this would have exploded instantly in 2019
English
2
1
242
23.7K