ɥʇɐաʎzzɐɹɔ

17.2K posts

@crazzymath

Here, breaking stereotypes. #amanecista #concebollista

Joined February 2011
1.2K Following, 212 Followers

ɥʇɐաʎzzɐɹɔ retweeted
Pilar @PiliPaContraria
The newspaper archive on a character who aspires to be president!

ɥʇɐաʎzzɐɹɔ retweeted
Hackmanac @H4ckmanac
🚨Cyber Alert ‼️
🇪🇸Spain - Santalucía
Spanish insurance company Santalucía disclosed a cyberattack involving unauthorized access to customer policy information. Exposed data included customer names, home addresses, phone numbers, email addresses, and Spanish national ID numbers (DNI).
Threat actor: Not specified
Sector: Financial / Insurance
Data exposure (claimed): Not specified
Data type: Customer records, personal data, names, home addresses, phone numbers, email addresses, and national ID numbers
Observed: May 19, 2026
Status: Confirmed
ESIX©: 5.58
Full details and impact assessment on HackRisk.io

ɥʇɐաʎzzɐɹɔ retweeted
Jaime Gómez-Obregón @JaimeObregon
👋 Hello, minister @oscarlopeztwit! You must be fed up with me by now. 😃 And I with the software your ministry develops, so… it's a tie! 🙃

Let me explain today's obstacle course: to invoice the public sector, you provide a service for generating electronic invoices: ✨MiFacturae✨.

The first thing I want to tell you, and thank you for, is that MiFacturae has improved a great deal. But, without meaning to belittle that, I will also say that making it worse was impossible.

The new MiFacturae now has just one problem: it doesn't work! Let me explain. To invoice a public body you have to identify it with, as far as I know, four pieces of data:
1️⃣ Accounting office (Oficina contable)
2️⃣ Managing body (Órgano gestor)
3️⃣ Processing unit (Unidad tramitadora)
4️⃣ Proposing body (Órgano proponente)

Well: MiFacturae omits this last item, the proposing body, from the electronic invoice. So when the invoice is submitted to FACe, it fails and is rejected.

This is probably robbing citizens, companies and public bodies of thousands of productive hours every month.

If you developed your software in the open, I could report this directly to the development team, as I already did in April with two serious problems in Autofirma. But since you don't, I have to bother you. Or your communications officer, who will, with luck, be the one who perhaps reads this. Because as a citizen I have no other way to channel citizens' frustration with the state's e-Administration.

…And to ask my patient followers, if they would be so kind, to share this, since it is the only hope of it reaching someone in your ministry, or at the AEAD or wherever the hell it may be, with the ability to lift a finger to fix it.

Kind regards,
— Jaime

ɥʇɐաʎzzɐɹɔ retweeted
Vicky la Vikinga ⚔️🛡️
It took them a while to get us back for the Yatekomo one, and we well and truly deserve it

ɥʇɐաʎzzɐɹɔ retweeted
impulsive @weezerOSINT
the same technique giving cheaters wallhacks in Valorant is the same one being used in malware to pwn you. Still working no patch, undetected from AV's and AC's. I pulled the source from a cheating forum, built it, and ran it on my fully patched Windows 11 machine. it reads memory straight out of another running program without needing admin, without loading a driver, without calling any API that your EDR monitors. it just uses two normal Windows functions that have existed since the 90s, SetWindowsHookEx and SendMessage. I reversed the root cause in Ghidra. two functions that ship in every copy of Windows ntdll.dll and shell32.dll will blindly execute whatever function pointer you hand them through a window message. Microsoft's own exploit protection CFG signs off on it because they're legitimate functions. no CVE. no patch. 279 stars on GitHub. Microsoft won't fix it because they consider same-privilege process interaction "by design." Chinese researchers found the same technique in live malware back in 2023.

ɥʇɐաʎzzɐɹɔ retweeted
mercedes @merdgie
I just read on LinkedIn that all the AI app logos are shaped like an anus and now I can't unsee it.

ɥʇɐաʎzzɐɹɔ retweeted
Ignasi Guardans @iguardans
The Department of Justice of the Government of President Donald J. Trump has issued an Order that prohibits, "forever", any investigation or audit of the taxes of citizen Donald J. Trump, his family, or his companies. It's not a joke. It's not an exaggeration. Literally.

Reuters @Reuters
The US Justice Department has ‘forever barred’ the Internal Revenue Service from pursuing any audits into past tax claims for President Trump, his relatives and his companies, according to a one-page document reut.rs/4nB9qBq

ɥʇɐաʎzzɐɹɔ retweeted
Reuters @Reuters
The US Justice Department has ‘forever barred’ the Internal Revenue Service from pursuing any audits into past tax claims for President Trump, his relatives and his companies, according to a one-page document reut.rs/4nB9qBq

ɥʇɐաʎzzɐɹɔ retweeted
Jaime Gómez-Obregón @JaimeObregon
Today, in "Public Administration Software and other crimes": 👉 This is SOROLLA2, the Ministry of Finance's tool for, among other things, publishing tenders on the public procurement portal (PLCSP). 😮 Now I wonder what SOROLLA1 was like. An Olivetti? An abacus? A stone?

ɥʇɐաʎzzɐɹɔ retweeted
gato fumante @KweenInYellow
After he won the Pulitzer Prize, Palestinian writer Mosab Abu Toha was invited onto MSNBC where he was promptly interrogated about why he wasn't doing more to humanize the people slaughtering his family members in Gaza.

ɥʇɐաʎzzɐɹɔ retweeted
VTG @vtg__
I find it extraordinary that this street in Avellaneda is called Pitágoras

ɥʇɐաʎzzɐɹɔ retweeted
Beauty of music and nature 🌺🌺
Thank you to that young man—who did not turn away or just stand there taking photos of a heartbreaking moment, but instead chose to act and reach out to save a life that was slowly fading away 🦈💖

ɥʇɐաʎzzɐɹɔ retweeted
GUILLERMO FESSER @guillermofesser
Stephen Colbert says goodbye to CBS, the network that is firing him for criticizing Trump, by throwing the furniture from his office off the terrace in the company of his predecessor in late night, the great David Letterman. "Fuck you, motherfuckers".

ɥʇɐաʎzzɐɹɔ retweeted
Ejaaz @cryptopunk7213
claude mythos just broke Apple's $2 billion defense system.

it did so by discovering a completely different attack vector to break in

only took it 5 days costing ~$35K of mythos api time (the same exploit class costs $5-10M on grey market)

the researchers that commandeered the exploit produced a 55-page report that was delivered to Apple HQ in-person (hoping they release it after patching).

most shocking part for me is apple's MIE worked as intended. mythos just discovered a new way to side-step it entirely by poisoning the data the M5 chip ingested.

at this point i think we have to accept that mythos walks the walk. As the anthropic red-team explicitly confirmed this week - this is NOT a compute resource issue. its national defense.

International Cyber Digest @IntCyberDigest
❗️🚨 BREAKING: Researchers used Mythos Preview to find the first public macOS kernel memory corruption exploit on Apple's M5 silicon, they give a glimpse into Mythos say it’s really powerful.

Apple spent five years and an estimated several billion dollars building Memory Integrity Enforcement (MIE), the hardware-assisted memory safety system built around ARM's MTE. It was the flagship security feature of the M5 and A19, designed specifically to kill the entire memory corruption bug class.

Researchers from Calif built a working exploit in five days.

According to Apple's own research, MIE disrupts every public exploit chain against modern iOS, including the recently leaked Coruna and Darksword kits.

Calif walked into Apple Park this week and handed over the report in person. Full 55-page technical report drops after Apple patches the vulnerability.

ɥʇɐաʎzzɐɹɔ retweeted
International Cyber Digest @IntCyberDigest
‼️🚨 ALARMING: Google now treats privacy as suspicious behavior by default.

Users of GrapheneOS, CalyxOS, /e/OS, and other deGoogled Android phones are being locked out of millions of websites unless they install the exact Google Play Services software they deliberately removed.

GrapheneOS is recommended by the EFF and used by journalists, lawyers, and activists in high-risk environments. The audience most likely to read Google's data practices and refuse its terms is now flagged as fraudulent for that exact decision.

What happened?:
▪️ Google announced "Cloud Fraud Defense" at Cloud Next on April 22-23, 2026, branding it "the next evolution of reCAPTCHA." Existing reCAPTCHA customers were auto-migrated.
▪️ When the system flags traffic as suspicious, the old click-the-bus puzzle is gone. Users get a QR code instead.
▪️ Scanning the QR code requires Google Play Services running on the device. Internet Archive snapshots show this requirement has been live since at least October 2025, silently rolled out for 7 months before anyone noticed.
▪️ No Play Services = no QR scan = locked out.

The bigger picture:
▪️ Google already tried this in 2023. It was called Web Environment Integrity (WEI), and it would have let Google decide which devices were "real enough" to access the web. Standards bodies and the public pushed back hard, and Google killed it. Three years later, the same idea is back, just hidden behind a QR code instead of a browser feature.
▪️ reCAPTCHA runs on millions of websites. Every developer who keeps using it is now, by default, telling deGoogled Android users they're not welcome...

ɥʇɐաʎzzɐɹɔ retweeted
RFID Research Group @RfidGroup
Proxmark5 Indiegogo campaign launching soon!
🗓️ May 12 @ 10am HKT / May 11 @ 6pm US
⏳ Awaiting final compliance approval
Follow our LinkedIn page for all updates: linkedin.com/feed/update/ur…

ɥʇɐաʎzzɐɹɔ retweeted
CG @cgtwts
Coinbase’s CEO lays off a ton of employees and says: “Non-technical teams are now pushing code to production with AI”

less than 24 hours later: coinbase’s trading engine goes down and somehow even the status page breaks too

Steven @Dogetoshi
Their status page is also down 😭

ɥʇɐաʎzzɐɹɔ retweeted
Jaime Gómez-Obregón @JaimeObregon
A Danish developer, flabbergasted by Autofirma, leaves a polite comment on the development repository. It's impossible to put it better:

"In the private sector, releasing software in this state would mean immediate commercial failure. The fact that this application is mandatory for Spanish citizens does not exempt the development team from meeting modern security and distribution standards. It demands higher standards, not lower ones."

We need more open source software in public administration!

ɥʇɐաʎzzɐɹɔ retweeted
International Cyber Digest @IntCyberDigest
‼️🚨 One of the world's largest Certificate Authorities, DigiCert, was compromised by a malicious screensaver file sent through a customer support chat. Their antivirus blocked the malware four times. The agent kept clicking. The fifth try got through.

27 code signing certificates were stolen and used to sign malware. DigiCert ultimately revoked 60 certificates.

Per DigiCert's incident report, filed in Mozilla's CA compliance tracker as Bug 2033170, here is how it unfolded:

April 2: an attacker contacted a DigiCert helpdesk agent through the company's customer support chat channel, posing as a customer. The lure was a zip file pitched as a screenshot. Inside the zip was a .scr file. On Windows, .scr files are executables, and this one carried a malicious payload.

Opening a file a customer sent through the official support channel is what an agent is supposed to do. Support staff are the one role designed to accept files from strangers.

DigiCert's endpoint security blocked four infection attempts. On the fifth, the support analyst's machine was infected. DigiCert detected the infection, ran an investigation, and concluded the incident was contained.

Eleven days later, an external researcher tipped DigiCert off about misuse of DigiCert-issued code signing certificates in the wild. That tip led to the discovery of a second compromised machine, belonging to a different support analyst, infected through the same vector. The EDR on that machine had not been functioning correctly, so the original investigation missed it.

The second machine gave the attacker access to DigiCert's internal support portal. That portal lets support staff reach limited views of customer accounts, including initialization codes for ordered but not-yet-issued code signing certificates.

Combining a stolen initialization code with an approved order let the attacker pull a real, validly issued code signing certificate. They did this 27 times.

DigiCert's own list of what went wrong:
- File-type filtering on the customer support chat channel did not catch the .scr
- EDR coverage was inconsistent and incomplete, creating a blind spot
- Initialization codes for code signing certificates were not adequately protected

DigiCert says it got lucky. An outside researcher found the malware abuse before DigiCert did. Without that tip, the second machine and the active certificate theft might still be running today.

ɥʇɐաʎzzɐɹɔ retweeted
BuBBliK @k1rallik
do you understand what just happened to your computer..

Google Chrome secretly downloaded a 4GB AI model onto your device. Without asking.. Without telling you..

It's called weights.bin. It lives deep in your system folders. It powers Gemini Nano - Google's on-device AI.

And if you delete it? Chrome re-downloads it automatically. Like nothing happened. Just Google deciding your hard drive is their storage unit.

At 1 billion Chrome users - that's 4 BILLION gigabytes of data pushed silently across the internet. The carbon footprint alone equals tens of thousands of cars running for a year.

Check your disk right now:
📁 %LOCALAPPDATA%\Google\Chrome\User Data\OptGuideOnDeviceModel

To stop it: chrome://flags → disable Optimization Guide On Device Model → restart Chrome → delete the folder.

Reshare so people know what's sitting on their computers.

Pirat_Nation 🔴 @Pirat_Nation
Google Chrome is quietly downloading a roughly 4 GB AI model to many users’ computers without clear upfront consent. The file, called weights.bin, is part of Google’s Gemini Nano on-device language model and lands in the browser’s user data folder under OptGuideOnDeviceModel. It powers built-in AI tools such as “Help me write,” smarter tab suggestions, on-device scam detection, and page summarization.

The download triggers automatically for devices meeting minimum hardware requirements, and Chrome often replaces the files if deleted. While the model processes data locally, installation happens in the background with minimal notification.

The scale is noteworthy. Hundreds of millions or billions of installations add up to thousands of tonnes of carbon emissions globally from data transfer, even though each is a one-time event.

To prevent or remove it, go to chrome://flags, disable the entries for the optimization guide on-device model and Prompt API, restart the browser, and manually delete the folder.