baas

Hahahahahaha VPNs are HURTING CHILDREN Hahahaha fucking stupid fucks

Still the hardest logo tech has ever produced

Microsoft Edge loads all your saved passwords into memory in cleartext — even when you’re not using them.

Het is oorlog maar niemand die het ziet

Passed the OSEP exam relatively easily. On to OSCE3! #OSEP #OSCE3 #OffSec

‼️Copy Fail (CVE-2026-31431) is a Linux privilege escalation bug that lets any local user get root using a 732-byte Python script, and itworks on basically every major Linux distro shipped since 2017. Website: copy.fail Write-up: xint.io/blog/copy-fail… GitHub: github.com/theori-io/copy… It's a logic flaw in the kernel's crypto code (authencesn via AF_ALG and splice()) that allows a small write into the page cache, which can be used to tamper with a setuid binary like /usr/bin/su. Think how bad this is going to be for shared environments like Kubernetes, CI runners, and cloud sandboxes, where it enables container escape and tenant-to-host compromise. Found by Theori's Xint Code scanner, patched in the mainline kernel, and publicly disclosed on April 29, 2026; if you can't patch right away, the recommended workaround is to disable the algif_aead module.

Bijna alle inwoners van Epe getroffen door datalek, 500.000 bestanden gestolen rtl.nl/nieuws/binnenl…

Lovable has a mass data breach affecting every project created before november 2025. I made a lovable account today and was able to access another users source code, database credentials, AI chat histories, and customer data are all readable by any free account. nvidia, microsoft, uber, and spotify employees all have accounts. the bug was reported 48 days ago. its not fixed. They marked it as duplicate and left it open.

hackers as the first group to embrace KYC for access to new models is cutting me deep. we used to be rebels

I warned back in December 2023 (!!!) that push notifications were a major opsec hazard being exploited by US intelligence to break encryption, and now here were are: kitklarenberg.com/p/push-notific…

i'm not satoshi, but I was early in laser focus on the positive societal implications of cryptography, online privacy and electronic cash, hence my ~1992 onwards active interest in applied research on ecash, privacy tech on cypherpunks list which led to hashcash and other ideas.

Bluehammer Privilege escalation via Microsoft Defender. No patch yet github.com/Nightmare-Ecli… #0day #lpe

I just pwned Sweep on HackTheBox labs.hackthebox.com/achievement/ma…

new levels of social engineering if true

Claude code source code has been leaked via a map file in their npm registry! Code: …a8527898604c1bbb12468b1581d95e.r2.dev/src.zip

You can now enable Claude to use your computer to complete tasks. It opens your apps, navigates your browser, fills in spreadsheets—anything you'd do sitting at your desk. Research preview in Claude Cowork and Claude Code, macOS only.

I just pwned Redelegate on Hack The Box labs.hackthebox.com/achievement/ma…

I just pwned Breach on HackTheBox labs.hackthebox.com/achievement/ma…

I just pwned Phantom on HackTheBox labs.hackthebox.com/achievement/ma…

Today @GoogleMaps is getting its biggest upgrade in over a decade. By combining our Gemini models with a deep understanding of the world, Maps now unlocks entirely new possibilities for how you navigate and explore. Here’s what you need to know 🧵