sUb reposted
sUb
96 posts


@notdan @djjackalope Showed up getting my daily DnB in and then stream ended quickly 🥲
sUb reposted

Analyzing BlackEnergy3 with Volatility
BlackEnergy is a malware family that gained global attention after being linked to large scale cyber operations, most notably attacks against critical infrastructure.
A good read for beginners in digital forensics
hackers-arise.com/digital-forens…
@three_cube @_aircorridor #cybersecurity

sUb reposted

@dominos @RobMckenzie71 Yeah, they still cheap out on the drivers. Depends on franchise or corporate, but yes, their drivers get paid very little and hope to get tips, which is never a guarantee, but that's the way it goes I guess, although I don't agree with it.

@RobMckenzie71 Thanks for bringing this to our attention. Please visit bit.ly/DPZSMSupport & enter reference # 8566890 when prompted so we can help further assist. *Ramea
sUb reposted

Big news for Blue Team nerds
That nerd who released those Microsoft 0days has created two new repos on GitHub with spooky sounding names indicating they will be releasing two new Windows 0days.
Very cool
github.com/Nightmare-Ecli…
sUb reposted

‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19 years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots.
Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy.
▪️ AI surfaces a massive wave of 0-day RCEs.
▪️ Submissions overwhelm ZDI past max capacity.
▪️ Slots run out. Researchers with working chains get rejected.
▪️ "Revenge disclosures" begin. ← we are here.
Confirmed casualties so far:
▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land.
▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla.
▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere.
▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel.
▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected.
▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected.
Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in.
ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.


sUb reposted

‼️🚨 BREAKING: A new npm supply-chain attack uses a dead-man's switch. The payload plants a watcher on your machine that nukes your home directory the second you revoke the GitHub token it stole from you.
The compromise happened today, across 42 official tanstack npm packages, 84 malicious versions in total. tanstack/react-router alone pulls more than 12 million weekly downloads.
The attacker forked TanStack's repository and pushed a single hidden commit. From there, they tricked TanStack's own release system into signing the malicious packages as if they were the real thing. To npm, and to anyone checking the cryptographic proof of origin (SLSA provenance), the poisoned versions looked 100% legitimate.
Maintainer Tanner Linsley confirmed the whole team had 2FA enabled. It didn't matter. This is the first documented npm worm in history that ships with a valid, signed certificate of authenticity, the same one defenders rely on to know a package wasn't tampered with.

sUb reposted

Writeup by @0xAsm0d3us on the correct approach to utilise LLMs to find bugs.
Can't agree more with what he said.
You can't just go ask LLMs to find everything they can. Need to be brutally specific and start with something like known bug classes.
devansh.bearblog.dev/needle-in-the-…

sUb reposted

Real-time global packet visualization in your terminal.
github.com/ZXCurban/NetOr…