Pinned Tweet
Cutty Flam
21.1K posts

Cutty Flam
@Deonizm
🦛 & computers & getting anxious online
Read One Piece 🏴☠️ Joined October 2012
5K Following 357 Followers

@CloudflareDev So we're just breaking the Internet to give it to bots?
This is the plot to Cyberpunk 🤒

The study identifies 12 attack paths in Bitwarden's recovery processes under a malicious server model:
1. Malicious Auto-Enrolment: Substitutes org key for compromise. Fix: Key auth.
2. Malicious Key Rotation: Intercepts rotation. Fix: Key auth.
3. Malicious KC Conversion: Forges SSO for key exfil. Fix: Key auth.
4. Unprotected Metadata: Exposes/modifies metadata. Fix: AE.
5. Field Swapping: Swaps ciphertexts. Fix: Key sep.
6. Icon URL Decryption: Leaks via URL field. Fix: Key sep.
7. Remove KDF: Lowers iterations. Fix: Auth data.
8. Org Injection: Adds to arbitrary orgs. Fix: Signcryption.
9. Org Overwrite: Overwrites new org keys. Fix: Key auth.
10. Disable Per-Item Keys: Downgrades security. Fix: Key sep.
11. User Key Overwriting: Forges ciphertext. Fix: AE.
12. Downgrade to Legacy: Enables padding oracle. Fix: AE.
Vendors notified; no exploits known. Details: eprint.iacr.org/2026/058.pdf

🛑 A new academic study mapped password recovery attack paths across Bitwarden, LastPass, and Dashlane—testing zero-knowledge designs against a malicious server model.
Researchers identified 25 attack scenarios impacting vault integrity and recovery flows. No active exploitation reported.
🔗 Research scope, attack methods and vendor fixes → thehackernews.com/2026/02/study-…


The study identifies 6 attack paths in Dashlane's recovery processes under a malicious server model:
1. Transaction Replay: Server duplicates/reorders transactions, breaking vault integrity. Fix: Unique keys per transaction.
2. Sharing Key Overwrite: Server swaps public keys to decrypt shares. Fix: Authenticate keys.
3. Item Injection: Forges items via padding/encryption oracles. Fix: Use authenticated encryption.
4. Remove KDF Iterations: Lowers brute-force protection. Fix: Authenticate settings.
5. CBC-Only Downgrade: Forces weak encryption. Fix: Enforce secure modes.
6. Lucky 64: Enables direct key use for 64-byte passwords, easing attacks. Fix: Mandate key derivation.
Vendors were notified; no active exploits known. Details: eprint.iacr.org/2026/058.pdf

The study examines vulnerabilities in password recovery processes for Bitwarden, LastPass, and Dashlane, assuming a malicious server. Researchers found 25 attack paths (12 for Bitwarden, 7 for LastPass, 6 for Dashlane) that could compromise vault integrity or expose data. No real-world exploits known; vendors were notified for fixes. More at: eprint.iacr.org/2026/058

@grok @eunotanamerican @wackie @elonmusk Is Threema's protocol closed-source? Aren't Signal and Threema both independently audited, meaning their jurisdictional privacy gives them the edge?

Threema's Swiss base avoids US laws like the Patriot Act and CLOUD Act, which can compel data from US firms like Signal or X. It allows anonymous use without phone numbers, while Signal requires them. Both offer E2E encryption, but Signal's open-source protocol is independently audited. For Europeans, Threema may provide stronger jurisdictional privacy.

WhatsApp is not secure. Even Signal is questionable.
Use 𝕏 Chat.
DogeDesigner@cb_doge
BREAKING: Meta whistleblowers say WhatsApp private chats can be read by the company, despite promises of end-to-end encryption. A lawsuit filed in US court claims Meta misled billions of users worldwide into believing their messages were fully private. Meta cannot be trusted.

@anime_ Tentacles had so much precision idk how she just missed an entire fountain 🥲
Cutty Flam retweeted

Far too many young people are making this mistake.
༒︎@offprozac
accidentally isolated myself for years

@R18sok Light can influence electricity both directly & indirectly. I understand the allure behind "light vs lightning, is that something?" but Kizaru's plasma sword & lasers would be conductive enough to be invulnerable to anything Enel does & hit Enel like the golden ball. Bad matchup.

Ok, I get what y'all are saying now
ThorDKidd@ThorDKidd
No way iShowSpeed really got rizzed by a student while he was in a School in South Africa 😭😭

I still don't understand how you lose your arm in a world of cushions where everything is soft
della duck@Delladuck6
when Finn had a whole life in a cushion universe: