noid

Announcing my rejected talk for @bsidespyongyang: Is that "web3 enthusiast" follower with the anime PFP acting suspicious? Find out if you have confirmed North Korean followers at dprkdetector.app.

@MeganNyvold Fastjets.com is your friend. Not affiliated

This is gonna sound really stupid. Is anyone flying privately from south Florida the Houston area next week or like Austin or Dallas even perhaps you can give me a free ride

Important security announcement for Trivy users: github.com/aquasecurity/t…

github.com/aquasecurity/t… Full discussion. TA apparently deleted the old after action discussion 😅

ioc: scan.aquasecurtiy<.>org nice landing page

🚨 Popular container scanning tool Trivy pushed a malicious release via Homebrew. If you have 0.69.4 - time to start IR. github.com/actions/checko…

@AquaTrivy discussion is now deleted FYI

Trivy repository on GitHub was unavailable today. Full details: github.com/aquasecurity/t…

@__Raiders source: opensourcemalware.com/repository/htt…

@__Raiders that was a separate one: stepsecurity.io/blog/hackerbot… this is apparently a new one, they are downgrading github.com/Homebrew/homeb… I got confused too, but maybe the same root cause

@__Raiders Once again, the conservative Docker Scout-heavy portfolio pays off for the hungry security engineer

@__noided dammmm, that's crazzyyy

@saiyangod Some of these sadly aren't even games, just a boring stealer directly x.com/i/status/19960…

They are still getting people to test games out here. and the game is malware in the sickest form likely

@saiyangod @zachxbt @evilcos @coinbase @im23pds This is the exact same logic call scammers use "Yeah I know it never says to enter it - but this is a special case that is urgent!"

@zachxbt @evilcos @coinbase @im23pds Basically yes. after thorough research i can confirm they’ll never ask for this but… aren’t they asking for it?

我很疑惑 Coinbase 为什么会有这样的页面，直接让用户输入明文助记词做资产恢复？如此不安全的行为，匪夷所思…@coinbase 我都差点以为子域名被黑了…cc @im23pds withdraw.commerce.coinbase.com/seed-phrase

@eliedelkind AMA, we just did a red team op with it 😁

@__noided Thanks so much for that info. Haven’t messed with it yet.

Claude Code is moderately useful for an attacker. Some caveats: - You need to be logged into the same session, so it's either steal existing or BYO subscription. Might not be feasible if it's behind Okta. - It still whines a lot. You have to phrase the prompts defensively.

Last year in June it hit 34°C, so personally I'm looking forward to not having to schedule a change of clothes and shower before every side event.

Heads up - new supply chain incident at Bittensor Check if you are affected: bittensor-cli==9.18.2 bittensor-wallet==4.0.2 subtensor-telemetry<.>com opentensor-metrics<.>com metagraph-stats<.>com opentensor-cdn<.>com

@cryptopunk7213 @demishassabis Yeah it's great that we can make a cancer vaccine but have you considered that those queries use up 4L of water?

this is so fucking wholesome guy used AI to save his cancer-ridden dog by sequencing its DNA and creating a CUSTOM cure. the tech behind this is fucking awesome (well done @demishassabis and the google team): - used CHATGPT to sequence dogs DNA discovers mutations - ran the mutations through Google’s Alphafold (AI protein sequencer) which CREATED A CUSTOM VACCINE TO TREAT THEM. - treated dog and reduced tumour by 50% in WEEKS. dog is alive and well. - this is the 1st time AI has been used to create a custom vaccine for a dog (and it worked) - dude is now working on similar vaccines for humans using AI! 2026 is definitely the year we see AI change personalised medicine in a HUGE way so sick

I got rugged on this one With the gov shutdowns USCIS took forever to produce the doc I needed and now it's too late E finita

Scary warning but most users won't really care. We are session-maxxing now.

I'm really interested in how this will turn out. Practically speaking, bug bounty is in a really bad state right now. It used to be that a BB program would be a reasonable stopgap for startups with 0-1 security employees. Now it's just an amplification DoS on your time.