Felix Ehlers

Security questions from hell #infosec

❗️Security researchers used a low-cost consumer satellite dish to intercept satellite signals and found massive amounts of unencrypted traffic. Revealing: 📡 Military and government comms including GPS data 📡 Credit card transactions 📡 Phone calls and texts from remote cell towers 📡 In-flight Wi-Fi activity

someone at ANTHROPIC just showed CLAUDE finding ZERO DAY vulnerabilities in a live conference demo claude has found zero day in Ghost, 50,000 stars on github, never had a critical security vulnerability in its entire, history... it found the blind SQL injection in 90 minutes, stole the admin api key, then did the exact, same thing to the linux kernel

Every time you load a page, your data travels through physical infrastructure - cables under oceans, satellites overhead, fiber under cities. Most people never think about. That's why I decided to map it. This is Project Backbone. It's free, interactive, and live.

🎗️ "Medium-Sized" LLM Burners Coming Soon! 🔥 This Could Make Local HyperToken Generation a Reality. ⚡️ NVIDIA’s worst nightmare? 😱 ⚙️ Application-Specific Hardware Taalas new PCIe ASIC board would burn the entire medium-sized Qwen 3.5-27B LLM straight into silicon 🤯 (already doing it with small models) Taalos said medium models on ASIC would be available in their lab by Spring '26. 💭Imagine: 🚫 No more loading weights 🚀 ~10,000 Tokens Per Second locally (Llama 3.1 8B already @ 17,000 tps) 💻 Standard PC slot, ultra-low power (10x less) 🔋 🌍 100% offline with no cloud, no GPU farm 💰 Reddit unit cost rumor $300 to $400 🖥️ Imagine HyperToken generation on your desktop. 🤖 AI agents that think at light speed. ⚡️ Are you ready? 👀

BREAKING: A SECOND Sphinx detected in Egypt as scans hint at 'underground megastructure'

Why did the US ban this number in 2001? It sounds insane, but 25 years ago, the Motion Picture Association of America was genuinely trying to delete this number from the internet. You see, back in 1999, a teenager in Norway named Jon Lech Johansen wrote a piece of code called DeCSS. It cracked CSS, the encryption on DVDs. Suddenly, anyone could copy a movie with the click of a button. It was a nightmare for the movie studios. They went nuclear. They sued the hacker magazine 2600: The Hacker Quarterly. They threatened Slashdot, and their lawyers fired out cease-and-desist letters to anyone hosting the code. They called it a digital burglary tool. But the internet found a loophole. A computer scientist named Phil Carmody realized that computer code is just binary ones and zeros. And you can treat that string of binary as a single number. That way, you get a really, really big integer—which is the illegal code. But Carmody knew that just finding any number wasn’t going to be enough, because the government could still ban a random number. So he needed a number that science would be forced to protect. He needed a prime number. You see, the University of Tennessee maintains a prestigious academic database called the Prime Pages. It records the 5,000 largest known prime numbers. Carmody realized that if he could turn the illegal code into a record-breaking prime number, the university would have to publish it. His first attempt was 1,401 digits long. It was prime, but too small. It didn’t crack the top 5,000 list. It wasn’t mathematically interesting enough to save. So, he hacked the math. Use this formula: K × 256^N + B Now, K is the illegal code part. 256^N is the mathematical equivalent of adding useless zeros at the end—like making a book longer by adding blank pages. It doesn’t change the actual content inside. So, he kept adding “blank pages,” shifting the number, until he hit a mathematical jackpot—a 1,959-digit monster. This wasn’t just illegal code anymore. It became the 10th largest ECP prime number ever discovered at the time. It was checkmate. The number was immediately added to the university database. For the MPAA to ban the code now, they would have to order a university to delete a scientific record. You can’t censor mathematics.

110-year-old Turkish grandma shares her secret to a long life: "i never once used Microsoft Teams"

Whoopsi: CVE-2026-20963 is now UNAUTHENTICATED!!!! Patch ASAP. msrc.microsoft.com/update-guide/v… Updated the scanner: github.com/LuemmelSec/Pen…

🚨‼️ We're in contact with the actor behind the Trivy and LiteLLM hack. They told us they are currently extorting several multi-billion-dollar companies from which they've exfiltrated data. They've obtained 300 GB of compressed credentials and are working their way through them as we speak. The LiteLLM compromise alone led to half a million stolen credentials, according to the threat actor. Their message to the world: "TeamPCP is here to stay. Long live the supply chain." They've sent us their new logo (see image) and also teamed up with several threat actors, including Xploiters and Vect.

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

The article shows a proof-of-concept where DOOM is stored across ~2,000 DNS TXT records and executed directly from memory. A PowerShell loader reconstructs the binary via DNS queries, illustrating how DNS can act as a covert payload delivery system. core-jmp.org/2026/03/can-it…

These birds watched someone feed an injured bird, so they all started pretending to be injured too

👌🏼

🛑 ALERT - Trivy, a popular open-source vulnerability scanner, was compromised after attackers hijacked 75 version tags in #GitHub Actions to deliver an infostealer. It ran in CI pipelines, stealing creds and tokens, then exfiltrating data or staging it via stolen GitHub PATs. 🔗 Attack flow, impacted versions, fixes → thehackernews.com/2026/03/trivy-…

You can route internet traffic through WhatsApp. Open-source tool. github.com/aleixrodriala/…

A German university ran an experiment with 619 people on phone use. One group quit completely. Another cut just 1 hour per day. The results changed how researchers think about phone addiction:

🚨‼️ CRITICAL: Ubiquiti UniFi Network Application vulnerabilities were just disclosed CVE-2026-22557 CVSS 10.0 Remote path traversal vulnerability allowing an attacker to access and manipulate files, leading to account takeover. No authentication required. CVE-2026-22558 — CVSS 7.7 Authenticated NoSQL Injection allowing privilege escalation.

This is actually insane. Dude hard-coded a WebAssembly (WASM) interpreter into the weights of a transformer, losslessly. In essence, a computer is running inside a LLM that can actually run computations, not infer or guess a calculation like most do today.

This indie dev is making a game where you can literally play as Ancient Egyptian wall art. - Switch between a 3D archaeologist and living 2D art - Survive puzzles that fight back - Progress by mastering both worlds It’s called Fresco. This mechanic is genius.

Therapist: German C isn’t real, it can’t hurt you. German C: