Jose Carlos Luna

Today, Telegram notified all its users in Spain with this alert: Pedro Sánchez’s government is pushing dangerous new regulations that threaten your internet freedoms. Announced just yesterday, these measures could turn Spain into a surveillance state under the guise of “protection.” Here’s why they’re a red flag for free speech and privacy: 1. Ban on social media for under-16s with mandatory age verification: This isn’t just about kids—it requires platforms to use strict checks, like needing IDs or biometrics. ⚠️ Danger: It sets a precedent for tracking EVERY user’s identity, eroding anonymity and opening doors to mass data collection. What starts with minors could expand to all, stifling open discourse. 2. Personal and criminal liability for platform executives: If “illegal, hateful, or harmful” content isn’t removed fast enough, bosses face jail. ⚠️ Danger: This will force over-censorship—platforms will delete anything remotely controversial to avoid risks, silencing political dissent, journalism, and everyday opinions. Your voice could be next if it challenges the status quo. 3. Criminalizing algorithm amplification: Amplifying “harmful” content via algorithms becomes a crime. ⚠️ Danger: Governments will dictate what you see, burying opposing views and creating echo chambers controlled by the state. Free exploration of ideas? Gone—replaced by curated propaganda. 4. “Hate and polarization footprint” tracking: Platforms must monitor and report how they “fuel division.” ⚠️ Danger: Vague definitions of “hate” could label criticism of the government as divisive, leading to shutdowns or fines. This can be a tool for suppressing opposition. These aren’t safeguards; they’re steps toward total control. We’ve seen this playbook before—governments weaponizing “safety” to censor critics. On Telegram, we prioritize your privacy and freedom: strong encryption, no backdoors, and resistance to overreach. ✊ Stay vigilant, Spain. Demand transparency and fight for your rights. Share this widely—before it’s too late.

For all the malware devs out there 🦠🧑‍💻 Every infostealer uses a different timestamp format. Some of you even invent new ones. Analysts everywhere are crying while parsing those logs. Please. Just use ISO8601. (One of our clients advised that) Make it a standard among whatever nasty thing you're coding. If you don't know how, please contact us. #ISO8601 #CyberThreat #MalwareDev

doing code review on the 10,000 lines claude code wrote

KASLR on Pixel 😭

CVE-2025-52665 - RCE in Unifi Access ($25,000) catchify.sa/post/cve-2025-…

As a companion we also produced a linux toolkit (mostly a bunch of selected statically compiled binaries) for live / dirty forensics: gitlab.cern.ch/ComputerSecuri…

We’ve (CERN security team) put together a basics Linux forensics cheatsheet to help accelerate the early stages of a potential compromise gitlab.cern.ch/ComputerSecuri… let us know what you think!

Here is our 0day for kernelCTF🩸 - 82k bounty - quickest submission ever - all instances pwned😎 syst3mfailure.io/rbtree-family-… Disclaimer: We apologize for abusing the red black tree family. Turning grandparents against grandchildren is only acceptable in the context of pwn😤

Linux kernel Rust module for rootkit detection Article by Antoine Doglioli about implementing an in-kernel detector for many existing rootkits. The detector is written in Rust. blog.thalium.re/posts/linux-ke…

Accidentally uncovering a seven years old vulnerability in the Linux kernel Article by @andersonc0d3 about finding and analyzing a slab use-after-free vulnerability in the TCP sockets implementation. allelesecurity.com/accidentally-u…

Week 07 - 2025 #DFIR thisweekin4n6.com/2025/02/16/wee…

INVISIBLE.js JavaScript payload to write hidden code! 🫥 → aem1k.com/invisible It uses invisible Hangul Filler characters (U+3164) in combination with JavaScript's "with" statement and a Proxy object to encode and evaluate the script. ㅤ

People will be like, “generative AI has no practical use case,” but I did just use it to replace every app icon on my home screen with images of Kermit, soooo

Beginners introduction to pwntools for exploit development and CTFs Part 1: archcloudlabs.com/projects/pwnto… Part 2: archcloudlabs.com/projects/pwnto… Part 3: archcloudlabs.com/projects/pwnto… #pwntools

Curious about how a PDF can show different content in Safari, Chrome, and Firefox? I’ve just released proof of concept code that lets you generate fickle PDFs. portswigger.net/research/fickl…

I didn't know you could get a PhD in @CTFtime analytics: css.ethz.ch/content/dam/et… .. jokes aside, interesting read and overall exhaustive research 👍

@FFmpeg @Microsoft @MicrosoftTeams

Bought a prison laptop on eBay. Thought it should be just some generic laptop with a clear shell, turns out it's actually a bit more than that.

Reggaeton Be Gone project by @RoniBandini bandini.medium.com/reggaeton-be-g… Machine Learning to detect music style, rfcomn and l2ping bursts to neighbors Bluetooth speaker MAC address to DoS it. Needs more RF power and an effective DoS technique to be successful. Help him!