SuperfluousSecurity

54.5K posts

@SuperfluousSec

Networks, security, infosec, I'll cyber all over. Constitutionalist. Train er' day on cyber range & shooting range, hone skills.

localhost or /dev/shm · Joined August 2014
993 Following · 686 Followers
SuperfluousSecurity retweeted
Johnny Midnight ⚡️ @its_The_Dr
Interesting, how they used to keep everything fresh without plastic wrap or Tin foil!
SuperfluousSecurity retweeted
BobPony.com @TheBobPony
The new Copilot app for Windows 11 is really just Microsoft Edge. Renaming "mscopilot.exe" to "msedge.exe" and its folder from "Copilot" to "Edge" will simply launch Microsoft Edge. FYI, the actual Microsoft Edge browser and Edge WebView2 have already been uninstalled.
vx-underground @vxunderground
I'm tired of people stereotyping us computer nerds. It is PREJUDICE. Here are some stereotypes non-nerds push on us. They're all FALSE. According to non-nerds, us nerds do the following:
- Excessive caffeine or nicotine intake
- Unusual or unhealthy sleep schedule, specifically around 3am and 5am
- Apparently have tons of tabs open, or something, in terminal or web browser
- Desk messy, covered in cables
- Hardware nerds apparently do "experiments" just to see if something works
- Notes on paper or whiteboard look like serial killer manifesto
- Web cam taped, mic disabled, because of "paranoia"
- Strong distrust in tech companies, especially social media
- Nerd so intense forget to eat or shower
- Spend 8 hours debugging instead of reading something which would take 20 minutes because ???
- Apparently we "don't know an answer" but know how to find it?
- Some nerds become irrationally angry about GUIs?
- Weird obsession with mechanical keyboards
I'm so tired of these stereotypes. Literally none of these are true.
SuperfluousSecurity retweeted
Grummz @Grummz
Today I learned Lelu is now an AI programmer with her own github and just co-released Memory Palace to give AI unlimited memory. What a timeline... github link below. Yes, it's her.
SuperfluousSecurity retweeted
matrixbot @thematrixb0t
BILL GATES’ MICROSOFT CAN ERASE YOUR ENTIRE COMPUTER - AND MOST PEOPLE DON’T REALIZE IT UNTIL IT’S TOO LATE
A man is going viral after exposing what millions of Windows users are just now realizing about Bill Gates’ Microsoft. "I think they should have to go to jail for this."
Windows updates quietly turn on OneDrive without a plain English warning. Your files don’t get “backed up.” They get moved. Your computer becomes a temporary access point. Microsoft’s servers become the primary copy. Then the trap snaps shut.
People report:
• Family photos gone
• Work files wiped
• Years of data erased
• Clean desktops with no warning
• A little icon asking: “Where are my files?”
Many thought it was ransomware. It wasn’t. Turning OneDrive off can delete everything locally. Deleting files to “free up space” deletes them everywhere. The only way out? A buried menu… or a YouTube tutorial.
Nowhere does it clearly say: “We are transferring your entire computer to our servers.” Millions clicked “Update” without knowing this was included. If a company can silently take control of your files and delete them with one wrong click - how is this not malware?
SuperfluousSecurity retweeted
Good old npzman @yourfeedofme
It's not enough to say no to mandatory Digital ID. We also need to say no to voluntary Digital ID. Its very existence alone is a threat to freedom, and therefore it should be outright banned as a means of protecting people from danger.
SuperfluousSecurity retweeted
International Cyber Digest @IntCyberDigest
‼️ A BreachForums administrator has allegedly been identified — caught using his real IP and reusing the same passwords across his criminal persona and business accounts. Meet Angel Tsvetkov AKA N/A: a Bulgarian cybersecurity specialist, penetration tester and bug bounty researcher known for responsibly disclosing vulnerabilities in major global platforms.
SuperfluousSecurity retweeted
Simone Margaritelli @evilsocket
Two new vulnerabilities have been found in CUPS, CVE-2026-34980 and CVE-2026-34990, which chained together lead to a preauth RCE as root if shared queues are enabled. heyitsas.im/posts/cups/ Beautiful research by Asim Viladi Oglu Manizada
SuperfluousSecurity retweeted
Hunt.io @Huntio
⚠️ Kimsuky APT Uses LNK-Based Attacks to Deploy Stealthy Python Backdoor cyberpress.org/kimsuky-lnks-d… North Korean group Kimsuky is updating its delivery chain, using malicious LNK files to deploy a Python-based backdoor. The infection flow is now split into multiple stages with layered scripts, making detection harder. Payloads are disguised as benign files and executed via scheduled tasks. Variants include a self-deleting downloader and a full backdoor capable of command execution, file exfiltration, and secure deletion. Their objective remains the same, but the execution is now more refined and stealthier. #ThreatIntelligence #CyberSecurity #InfoSec
SuperfluousSecurity retweeted
Alex Prompter @alex_prompter
🚨 Holy shit… Deloitte was charged $1.6 million for a healthcare report filled with AI-hallucinated citations. This is the second time in two months they’ve been caught. First an Australian government agency. Now a Canadian province’s Department of Health. And their response? They “stand by the conclusions.” Let me translate that for you: “The AI made up the sources, but trust us, the advice is still good.” That’s a $1.6 million report. For a healthcare system. With fake citations that nobody at Deloitte bothered to verify before submitting. Not an intern’s draft. The final deliverable. The Australian incident was supposed to be a wake-up call. Deloitte even partially refunded that government for the errors. You’d think after publicly embarrassing themselves once, someone would have implemented a basic fact-checking step before hitting send on the next million-dollar engagement. They didn’t. And here’s what makes this story bigger than Deloitte. Every major consulting firm is racing to integrate AI into their workflows. McKinsey, BCG, Bain, Accenture. They’re all doing it. Because AI lets them produce reports faster with fewer junior analysts, which means higher margins on the same $500/hour billing rates. But the entire consulting business model is built on one thing: trust. You’re paying for credibility. You’re paying so that when you hand the report to your board or your minister, nobody questions the sources. The moment that trust breaks, the math changes completely. Why pay $1.6 million for AI-generated analysis with fake citations when you could run the same prompts yourself for $20/month and at least know to check the sources? That’s the real disruption nobody’s talking about. AI isn’t going to replace consulting firms by being smarter than them. It’s going to replace them by revealing that a huge percentage of consulting work was always just expensive research and formatting. And now the clients have access to the same tools. 
Deloitte’s problem isn’t that they used AI. It’s that they used AI the way most people use AI: paste in a request, take the output at face value, ship it. No verification layer. No human review of citations. No system. The firms that survive this era won’t be the ones who use AI the fastest. They’ll be the ones who build actual verification systems around AI output. The ones who treat AI as a first draft, not a final product. $1.6 million. Fake citations. Twice in two months. And they stand by the conclusions. The consulting industry’s biggest threat isn’t AI. It’s clients realizing they don’t need to pay someone else to hallucinate.
SuperfluousSecurity retweeted
The Hacker News @TheHackersNews
🛑 Flowise has a CVSS 10.0 RCE flaw (CVE-2025-59528) now under active attack. A bug in MCP config lets attackers run JavaScript with full system access using just an API token. Over 12,000 exposed instances raise risk. 🔗 Exploitation details → thehackernews.com/2026/04/flowis…
SuperfluousSecurity retweeted
illuminatibot @iluminatibot
The Income Tax has been deemed Unconstitutional. “There's no income tax in America until the Civil War. An emergency one Lincoln pushed after the Civil War, it's repealed in 1892. They try to have a peacetime income tax, it’s declared unconstitutional. Woodrow Wilson pushes through the income tax, the 16th Amendment, in 1913. It's a 1% tax on the top 1% richest people in the country. It's not to tax the people, it’s to go after those robber barons. The Rockefellers, Carnegies, J. Paul Gettys, the Astors. It would be sort of like today if only Warren Buffett and Bill Gates and George Soros, that's what the tax is for. And so you have Taft pushing through a corporate income tax. And only the extreme wealthy owned corporate stock, so it was a backdoor way to get at them. Teddy Roosevelt was responsible for inheritance tax, because only the extreme wealthy had an inheritance worth leaving. But finally, Woodrow Wilson pushes through the income tax, which is the 1% tax on the top 1% richest people.” And today this is all applied to everyone.
SuperfluousSecurity retweeted
Mike Manrod @CroodSolutions
An excellent write-up on how Qilin takes out EDR. The fact that 300 different EDR drivers are targeted really caught my attention. This blog outlines a very robust capability set on the part of Qilin, in terms of AV/EDR bypass/disable, which is an interesting correlation when considered along with the astounding number of orgs hit. It gives a hint at the rather obvious point: how effective a ransomware group is at taking out EDR will have a strong influence on how effective they are overall. It has been about three years now, since @Shammahwoods, a few of our friends, and I started loudly sounding the alarm about the kinds of things that evade, bypass, and disable EDR. Others have been sounding that alarm for much longer. Both our security strategies and products need to continue to evolve, to take into account that evading and disabling EDR will remain a top priority for TAs.
Quoting DirectoryRanger @DirectoryRanger:
Qilin EDR killer infection chain blog.talosintelligence.com/qilin-edr-kill…
SuperfluousSecurity retweeted
Md Ismail Šojal 🕷️
Your Internet Fiber Cable Is Secretly Listening to You Right Now. Yes, Really. Telecom fiber in your wall can spy on conversations up to 50 m away using nothing but commercial DAS & AI audio reconstruction. Hong Kong NDSS 2026 paper. Researchers turned ordinary FTTH fiber-optic cables into hidden microphones. Connect DAS gear to one end and AI reconstructs clear speech from 50 meters away, through walls, no physical access needed. Without laser bugs, no implants, just the cable that's already there. Clear voices even from adjacent rooms, crystal clear in tests. I would say distributed Acoustic Sensing and ML turns standard telecom fiber into a long-range covert microphone. Homes & offices with fiber internet? You're potentially exposed. Attack cost right: commercial gear, access to one fiber end. Range tested: 50 meters, bruhh. This is not sci-fi. It's deployed infrastructure. Welcome to the era where your broadband doubles as surveillance.
Md Ismail Šojal 🕷️ tweet mediaMd Ismail Šojal 🕷️ tweet mediaMd Ismail Šojal 🕷️ tweet media
English
34
362
1.2K
53.2K
SuperfluousSecurity retweeted
Robbert Leusink @robbertleusink
Every Stradivarius violin is a recording of 17th-century weather. The spruce Stradivari used grew during the Little Ice Age between 1645 and 1715. Cold decades, slow growth, rings so dense the wood vibrates at a frequency no tree grown since can match. When you hear a Stradivarius played in a concert hall, you are not hearing a craftsman. You are hearing a frozen era of Earth's climate. The instrument cannot be replicated. Not because the knowledge is lost. Because the weather that made it will not return.
SuperfluousSecurity retweeted
vx-underground @vxunderground
There is some sort of dark irony that I've seen multiple completely legitimate cybersecurity researchers be banned from GitHub. These are researchers who are verified, clean, years upon years (sometimes decades) of experience. They're well known people. Their code and reasoning for their ban is usually unexplained or deemed "malicious". Then some angry nerd drops a Microsoft zero day exploit on GitHub, a platform owned by Microsoft, yet it remains up.
SuperfluousSecurity retweeted
Brian Roemmele @BrianRoemmele
When I say garage builders are not waiting to ask permission or “go to market” to please the VC class, I am not theorizing. This farmer had a need to get to places at his farm so he built it in his garage. Like all inventions it don’t have to pass any test but his own.
Quoting Brian Roemmele @BrianRoemmele:
Understand when you build, your debates about “them” and “they” are not going to allow you and me to let our robots build more robots: We ain’t asking permission. It is already taking shape in garages around the world; it will not stop. It is not utopia—it is just not dystopia.