OpSec Insider

⚠️ The #TorProject has opened a crypto-only crowdfunding round to fund 10 anti-censorship and privacy tools, citing 15 straight years of declining internet freedom and shrinking grant money for nonprofits in the space. #cybersecurity #privacy

Give it the two images and then write the prompt: Apply the surface material and reflective disco-ball treatment from the uploaded Spotify reference image to the second attached logo. Preserve the original logo geometry exactly, including shape, proportions, extrusion depth, bevels, camera angle, composition, and lighting setup. Replace only the material. Recreate the mirrored tile structure exactly as shown in the reference, including the reflective square panels, tile spacing, glossy reflections, specular highlights, and sparkle behavior. Ensure the material wraps seamlessly across all visible surfaces, including the front face and side walls, with physically accurate reflections and light interaction. Do not redesign, simplify, or reinterpret the logo in any way. Maintain the exact visual style, material fidelity, and rendering characteristics of the reference image. The only permitted modification is the overall tile color, which should be changed to [ENTER COLOR HERE] while preserving all other material properties and lighting behavior. Output as a high-resolution, photorealistic 3D studio render with ultra-detailed 8K surface quality, crisp reflections, and clean edge definition.

@OpSecInsider Prompt?

I tried the spotify logo trend, pretty good I think

Full threat model and OPSEC checklist ⤵️ opsecinsider.com/vs-code-extens…

We wrote up the threat model (publisher impersonation, permission inheritance, post-install poisoning, transitive dependency injection) plus a 7-step OPSEC checklist for anyone with commit rights to anything that matters. Pin verified publishers. Pin release ages. Scope tokens.

⚠️ The #GitHub breach by #TeamPCP started with a single poisoned #VSCode extension on one engineer's laptop. That intrusion shape is now the dominant access vector in software supply chain attacks. The developer endpoint is the perimeter, and most orgs are still defending the firewall.

@visegrad24 Europe is becoming the third world

🇮🇹 Just days after Salim El Koudri carried out a terror attack in Modena, Italy, deliberately ramming his car into pedestrians and then randomly attacking people with a knife, two gangs of Tunisian and Egyptian drug dealers staged a violent mass fight over control of drug sales points in the city. At least three people were injured.

@systemdesignone Because an app doesn’t need only code

SOFTWARE ENGINEERS ONLY Why are there zero successful vibe-coded apps?

"I have nothing to hide" is the most dangerous sentence of our generation. retweet if you agree.

@AskYoshik You def don’t know how LLMs works, good job😂

claude opus 4.7, ladies and gentlemen

Isn’t mass surveillance illegal?🤔

Full breakdown and CVE list ⤵️ opsecinsider.com/chrome-critica…

The WebRTC bug (CVE-2026-9111) is a use-after-free, the class of flaw that powers most real-world browser exploit chains. Both Criticals were found internally by Google on April 20. Patched version: 148.0.7778.178. Restart the browser after updating, that is the step most skip.

⚠️ Google has shipped an emergency #Chrome update that fixes 16 vulnerabilities, 2 of them rated Critical. Both Critical bugs are remote code execution flaws, one in #WebRTC and one in the browser's UI layer. Triggered by visiting a malicious page.

Am I old?

Well, malware’s doesn’t need kernel access to steal your browser’s sessions🤔 Everything can be potentially a malware, even pdf’s

Full breakdown and historical context ⤵️ opsecinsider.com/nato-data-leak…

Even if it turns out to be contact-only data rather than classified material, researchers warn the real risk is targeted spear-phishing against named #NATO personnel. The most likely origin is not NATO itself but a third-party vendor, mirroring the 2022 MBDA case and others since.

⚠️ A threat actor is selling what they call a 3.5TB "NATO Database + Confidential Documents" on an underground forum. No verification of source, scope, or authenticity yet. The listing references defense, aerospace, and government organisations tied to the alliance.

@mysk_co You can update the app and after restart it before connecting to internet? If you kill an app it will not work, this is basic computer science 😂

iOS 0 Android 1 On Android, it is possible to update a VPN app while its tunnel is active and still get no traffic leaks 👍

The former CIA officer John Kiriakou says the agency can access phone and laptop mics and cameras. The capability is not hypothetical: the 2017 Vault7 leaks documented exactly that kind of tooling against iOS, Android, Windows and smart TVs. What’s missing publicly is current scope.