romashkatea

Pro tip: Never EVER try enrolling your iPhone on demounit.apple.com You'll regret it later :<

@madebygoogle UPD: it's done. the key's marked as leaked.

How I feel after accidentally finding someone's Gemini API key 😇 @madebygoogle don't you guys have a way to report exposed API keys?

@raccoon_builds @madebygoogle yea ofc I'm not showing you the key lol 😭

@romashka_tea @madebygoogle You show us no api sky only json format.

@SanthProject @madebygoogle Sounds interesting 👀

@romashka_tea @madebygoogle i actually have a tool for doing this. It's GPU-accelerated and can scan binaries, links, GitHub repos, entire computers. pretty much anything that can be scanned. would love to get some feedback! github.com/santhsecurity/…

PSA: APKPure is distributing a malicious copy of Telegram.

"Bricking someone's hardware" is a wild way to say "Vanguard enabled a standard Windows security feature that blocks unauthorized memory access." If a player takes the shady DMA cheat card out of their motherboard, the PC boots perfectly fine. Riot didn't fry their circuits; they just put a lock on a door. And please stop using "false positives" as a shield for people who bought literal hardware exploits. A standard gaming PC doesn't accidentally grow a Direct Memory Access card running custom spoofed firmware. If your PC got flagged by this update, you didn't accidentally download a bad patch; you spent $300 to cheat at a video game and got caught. Nice try though.

Deleting a Google API key doesn't revoke it immediately. Our research found successful authentications up to 23 minutes after deletion across Google's infrastructure. During that window, attackers with a leaked key can still access enabled APIs, including Gemini. Google closed our report as "won't fix."

🎂 IDA Turns 35. From DOS-era disassembler to one of the most widely used reverse engineering platforms in the world... To celebrate, we’re launching: • 35% off new licenses (see eligibility requirements) • Limited-edition swag giveaway • “35 Ways to Use IDA” as told by you • Stories from the past and a few for the future Read all about it here: hex-rays.com/blog/ida-turns…

At this point, @Telegram is just giving up on Android. The latest Telegram beta for Android introduces a new app bar, (or header as they call it) bringing the app's overall design even closer to what iOS offers, completely disregarding what Android users want. Let it be a reminder that the beta that introduced liquid glass in Telegram remains the most disliked beta they've ever released.

scrcpy 4.0 is out 🚀 Try the new flex display feature (and more): github.com/Genymobile/scr…

@GreenShades9 It's been a flag for a while and for whatever reason still hasn't debuted yet? 😭😭😭

Gboard's rounded keys make an appearance on #TheAndroidShow! Are they going to debut soon? #GooglePixel

It's kind of funny how @GrapheneOS wants to let everybody know about the "dangers" of "closed source operating systems" yet they themselves ship precompiled, presigned applications that are included in their OS and are NOT reproducible, the most you can do is compile them out of tree and include them manually. And even then, this is still a MAJOR security risk as their precompiled apps have permissions that you really don't want apps to be granted implicitly. I've attached a photo of all the permissions available to the Messaging app, which is included in GrapheneOS at build-time as a prebuilt application. I should mention this, the aforementioned Messaging application has no form of reproducible builds, meaning the only way to update these apps is for some developer to manually build this application on their build PC, sign it and then push it to a git repo. Imagine the security implications of that. (You can unzip the app yourself to check the manifest too.) github.com/GrapheneOS/pla… This is the module included into GrapheneOS. Meanwhile the actual messaging app is at github.com/GrapheneOS/Mes…. For reasons beyond me, GrapheneOS devs thought it fit to remove the Android blueprints from it, therefore making this app unbuildable inside the Android source itself. #L378" target="_blank" rel="nofollow noopener">github.com/GrapheneOS/pla… The inclusion of said prebuilt Messaging app. It's not just this app either. The included App Store, the Camera app, hell, even the Auditor. All of these apps are presigned and precompiled, and granted implicit permissions to do whatever. Why not compile them in-tree? WHY go out of your way to make them unbuildable by removing the blueprints? It's not about adding one yourself and doing it yourself, that's completely besides the point. The point is, why is some OS claiming to be security focused, yet has the ability to infect devices with a theoretical malware spread with these prebuilt apps? Why are these apps not built in-tree in the first place!? There is literally no excuse, every other app is compiled in-tree except these GrapheneOS inclusions. How does it feel to trust a random person with an app that can theoretically upload all your data to a remote server without your knowledge? Further more, besides doing such things, GrapheneOS devs have the _nerve_ to go forth and cement their beliefs on others? When they themselves don't commit to their standards? If this isn't an absolute form of hypocrisy, I really don't know what is. Maybe this post will instill some form of awareness in die-hard GOS fans. Maybe I'll get to deal with insane backlash. Who knows. At least I'm putting it out there. Maybe one day we'll get to know that this entire project was a honeypot.

Time for some ⚙️ @MishaalRahman Is the loophole really closed, or just relabeled? feat. @jafarov_adam

@Google @MishaalRahman hey mishaal maybe you'll respond?

@Google It's honestly disappointing that you guys don't really care about your customers. We all know that you have an internal tool to recover Pixel devices from one of these recovery modes: Pixel ROM Recovery (Pixel 6-8) BL1 Recovery (Pixel 9) DBL Recovery(Pixel 10)

The first known case of a Pixel 10 Pro getting hard bricked by ARB 🥀 xdaforums.com/t/pixel-10-pro… If only Google made the recovery tools public..

Pixel 10 devices just received an update that contains a bootloader update which increments the anti-rollback counter, preventing from downgrading to vulnerable versions of the bootloader This gonna cause a lot of bricks bhahaha 😭🥀

Hahahahahaha VPNs are HURTING CHILDREN Hahahaha fucking stupid fucks

@OutofGalaxyy Same thing does the iPhone 17 pro at 8x zoom 😭

Even tho the iPhone 17 doesn’t have a 2x telephoto, it’s funny how the camera sort of “imitates” a lens switch there 😭

Looks like they've also leaked the codename of a devboard with Tensor G7: skymap 👀

Google's accidentally leaked the Tensor G7 codename 👀