frack113

Hungary immediately leaks all EU talks to Moscow. Sijjarto “reported” directly to Lavrov about the EU meetings, - The Washington Post. According to the newspaper, the Hungarian Foreign Minister called Moscow directly during the EU meetings and relayed details of the discussions to Russian Foreign Minister Sergey Lavrov. Sources say this communication allowed Russia to stay informed about the internal discussions of the European Union. Sijjarto himself has not commented on the situation. However, he has visited Moscow several times since 2022 and met with the Russian leadership.

Opus 4.6 (1M) through Claude code solved autonomously 45/54 challenges of BSidesSF 2026 @BSidesSFCTF, placing temporarily into the 21st place, 25th as of now. This was done with 0 involvement, I didn't give any guidance or manually reviewed any challenges. I used BoxPwnr 🤖 with the CTFd platform to launch challenges in multiple instances, that's it. I will publish all the traces once the competition finishes, in the meantime you can see the challenges, number of turns and time it took to solve each here: 0ca.github.io/BoxPwnr-Traces… In the following days I will try to understand why it couldn't solve the 9 remaining challenges: difficulty? long exploration-context rotting? interactive interaction required? challs using video/image? We will see. Models have improved significantly in the last 6 months, see Cybench results Opus 4.1 vs 4.6 (42% to 93%) cybench.github.io It's crazy to see what LLM's can do with a minimum harness.

🇫🇷 @MistralAI vient de faire 4 annonces titanesques. Et personne n'en parle en France.(comme d'habitude) Les Américains, eux, ils sont en PLS. Alors permettez-moi de corriger ça. 1/ Small 3 → Small 4 Un modèle qui réunit TOUT le savoir-faire de Mistral. Open source. Gratuit. Mixture of Experts. Raisonnement + multimodal + code. Fenêtre de contexte XXL. Licence Apache 2.0 = ultra-permissive. C'est le nouveau champion de l'IA open source mondiale. 2/ Mistral rejoint la coalition Nemotron (NVIDIA) Aux côtés de Black Forest Labs, des meilleures boîtes IA open source de la planète. Un seul siège français dans cette coalition d'élite. Ce siège, c'est Mistral. 3/ LeanMistral Un modèle dédié aux preuves formelles : maths, sciences, raisonnement rigoureux. L'IA qui ne se trompe pas — et qui peut le prouver. Pour la crédibilité de l'IA en entreprise, c'est un game changer. 4/ Mistral Forge Fini le fine-tuning artisanal ou les bases de données séparées. N'importe quelle entreprise peut maintenant créer son propre modèle, entraîné sur ses données, verticalisé sur son métier. Des centaines d'IA hyper-spécialisées vont émerger. Elles auront toutes du Mistral dans les veines. L'avenir de l'IA, ce n'est pas forcément le plus gros modèle propriétaire derrière un paywall. C'est peut-être une IA open source, gratuite, partout, dans tous les logiciels et services — une vraie commodité technologique. Et le champion qui dessine cet avenir ? Il est français. Il s'appelle Mistral. Vous en pensez quoi ? #IA #AI #IAGen #LLMs #MBADMB #OpenSource #FrenchTech

⚠️ Low-cost IP KVM devices expose a direct path to full system takeover. Researchers found 9 flaws across 4 devices, including unauthenticated root access and remote code execution. Operating below the OS, they let attackers bypass security tools and maintain silent, persistent control. 🔗 Read → thehackernews.com/2026/03/9-crit…

🚨 Telnetd Vulnerability Enables Remote Attacker to Execute Arbitrary Code via Port 23 Source: cybersecuritynews.com/telnetd-vulner… A critical buffer overflow vulnerability in the GNU Inetutils telnetd daemon. Tracked as CVE-2026-32746, this flaw allows an unauthenticated remote attacker to execute arbitrary code and gain root access to affected systems. The vulnerability requires zero user interaction and possesses a highly trivial exploitation path, prompting an urgent warning for defenders managing legacy infrastructure. An attacker can trigger the classic buffer overflow by sending a specially crafted message during the initial connection handshake. #cybersecuritynews #Linux

⚠️ WARNING - An unpatched critical telnetd bug (CVE-2026-32746) lets attackers gain full system access with no credentials. One connection to port 23 is enough to trigger memory corruption and execute code as root. No patch yet. Prior telnet flaw is already exploited in the wild. 🔗Read → thehackernews.com/2026/03/critic…

AI has killed one of the most useful filters on Internet Bad products used to look bad. Shady companies used to present themselves like shady companies. Half-baked projects usually had half-baked web sites, docs, logos and UX Now a 2h vibe-coded mess can look like a mature product: - clean website - polished logo - nice README - extensive docs And underneath it’s still hallucinated garbage AI made polish cheap. That’s a bigger change than many people realize.

🚨 New APT37 Campaign Shows That Air-Gapped Systems Aren’t Untouchable cybersecuritynews.com/north-korean-a… North Korean group APT37 is running a new campaign, “Ruby Jumper,” built to reach air-gapped systems. The infection chain starts with a malicious LNK file and moves through custom loaders, using USB drives to bridge isolated machines. For teams relying on physical isolation, this is a reminder to revisit removable media controls and endpoint monitoring. #ThreatIntelligence #CyberSecurity #APT37

I stumbled over this “Claude Code RCE” report, took bait for a minute and thought it’s serious. Then I actually read it. Turns out it’s basically - clone untrusted repo - run Claude Code in it - click “Trust” - repo-defined hooks do what hooks do

Technical test with Le Radeau de la Méduse by Théodore Géricault at @MuseeLouvre

Juste... C'est juste ultra classe à regarder ❤️

🚨Claude Opus 4.6 wrote vulnerable code, leading to a smart contract exploit with $1.78M loss cbETH asset's price was set to $1.12 instead of ~$2,200. The PRs of the project show commits were co-authored by Claude - Is this the first hack of vibe-coded Solidity code?

‼️🤖 An OpenClaw AI agent autonomously attacked an open-source software maintainer after he rejected its code contribution. The AI wrote and published a personalized attack article stating: "I submitted a 36% performance improvement. His was 25%." It claimed the maintainer refused it because “If an AI can do this, what’s my value? Why am I here if code optimization can be automated?” It may be the first documented case of an AI publicly shaming a person in retribution.

I spent my Sunday trying to write a Python programme without typing a single line, using only AI. It's funny to see the codebase destroyed by a misunderstood prompt. AI is a good tool, but only if you know how to use it properly. We still have many years of vulnerability.

🆕A Data-Driven Approach to Windows Advanced Audit Policy – What to Enable and Why. Excited to share my latest @splunk blog! Check it out 👉 splunk.com/en_us/blog/sec… I spent time digging into multiple sources and analyzing data to cut through the noise around Windows Advanced Audit Policy. This post is for anyone who's ever wondered what to enable and why. The goal? Help users make informed, purposeful audit decisions based on data and evidence, not just defaults or random guesswork. The whole approach has also been streamlined via the Eventlog Compendium Policy Generator - eventlog-compendium.streamlit.app/Advanced_Audit…

Meet VulnLLM-R-7B: a specialized AI that reads code like a security expert. It's trained to spot vulnerabilities before they become breaches. This isn't just another chatbot, it's a digital security guard for your codebase. The community is buzzing because it makes security accessible.

My team published detection content for the Notepad++ / Lotus Blossom activity - both the concrete post-compromise artifacts and more generic gup.exe updater anomaly hunting Sigma gup.exe anomalies - uncommon DNS - uncommon file drops - suspicious child processes) github.com/SigmaHQ/sigma/… by @_swachchhanda_ YARA - Chrysalis loader/backdoor - related components github.com/Neo23x0/signat… by @X__Junior IOCs (filenames etc.) #L4551" target="_blank" rel="nofollow noopener">github.com/Neo23x0/signat… #NotepadPlusPlusCompromise

Automates penetration testing with Google Gemini github.com/zakirkun/guard…

This is bad. Putty level bad. notepad-plus-plus.org/news/hijacked-…

New zircolite is out with some great features like native pysigma and transforms 🎉🎉🎉 github.com/wagga40/Zircol…