itsme

373 posts


@HiggsSec

security researcher @ redacted.

Joined February 2022
504 Following · 55 Followers
Sam Altman (@sama):
Also, a ton of new Codex features coming soon! Fun little bundle w/the new model.
325 replies · 170 reposts · 5.8K likes · 202.9K views
itsme reposted
Wall St Engine (@wallstengine):
Anthropic said a small group of unauthorized users accessed its new Mythos model on the day it was unveiled. The users got in through a mix of methods, including access linked to a third-party contractor. Anthropic is investigating and has no evidence its systems were compromised.
11 replies · 18 reposts · 104 likes · 50.1K views
itsme (@HiggsSec):
@nicowaisman @dinodaizovi High value exploits are not what's standing between threat actors & SMB. As a CISO of an offensive capabilities company, you should already know that.
0 replies · 0 reposts · 0 likes · 96 views
Nico Waisman (@nicowaisman):
That’s true, but not every company can realistically afford security by default. The real shift is that, before Mythos and similar players, the assumption was that, economically, these exploits would only be used against high-value targets. That assumption has now fundamentally changed.
5 replies · 11 reposts · 29 likes · 12.2K views
Dino A. Dai Zovi (@dinodaizovi):
This is the right assumption: assume that your adversaries *already* have exploits for vulnerabilities in software that you depend upon. The goal of security engineering is to proactively design your systems and environments to withstand security failures in that software.
Quoted post from chrisrohlf (@chrisrohlf):
"Mythos and National Power" - This is definitely worth listening to. I'm an old school security person, so my threat models are always dominated by the assumption that attackers already have knowledge of a system's vulnerabilities. chinatalk.media/p/mythos-and-n… 1/n
3 replies · 37 reposts · 146 likes · 27.3K views
itsme (@HiggsSec):
@HackingLZ A CISO who has never read a DFIR report or his threat intel feed sucks.
0 replies · 0 reposts · 0 likes · 20 views
Justin Elze (@HackingLZ):
I would probably argue that companies that couldn’t afford security by default were getting popped and ransomed via design flaws and abuse of functionality issues in Microsoft products or in the lowest cost appliance companies. The pitch here is that companies like MS, with early access to Mythos, were supposed to improve their products?
Quoted post from Nico Waisman (@nicowaisman):
That’s true, but not every company can realistically afford security by default. The real shift is that, before Mythos and similar players, the assumption was that, economically, these exploits would only be used against high-value targets. That assumption has now fundamentally changed.
2 replies · 2 reposts · 30 likes · 4.2K views
itsme (@HiggsSec):
@thsottiaux Where is the 5.4-Cyber model that you guys pushed as not being only for enterprise (contrary to Anthropic) - or was that just a stunt, since only enterprise has got it so far?
0 replies · 0 reposts · 3 likes · 694 views
Tibo (@thsottiaux):
If you think Codex with GPT-5.4 is fast already… we have line of sight for at least an order of magnitude in speedups this year. Good engineering compounds and it’s never been a better time to learn Codex.
357 replies · 188 reposts · 5.7K likes · 289.1K views
itsme (@HiggsSec):
@C2IRIS You'd be naive to think that only the US & Israel have such capability. I think you're informed just as I am, if you really work in this industry. So I don't think you're naive, just not sure why you'd make such a statement.
1 reply · 0 reposts · 2 likes · 129 views
IRIS C2 (@C2IRIS):
At this point, producing zero-click full chains and exquisite, stealthy implants for Android and iOS requires so much money—and much more importantly—so much proprietary knowledge and talent, that only two world powers can do it. The US (plus a little help from FVEY partners). And Israel. (+ Google Project Zero. But they only do “stunt hacking”, unfortunately.) Literally no one else can build/cobble together these products and actually manage to maintain these products against an endless deluge of patches and new mitigations.

Meanwhile… When there is an active terrorist threat against Tim Cook or Sergei Brin, or an event they are attending, like Davos, they are VERY thankful that the great people of NSO and Paragon (and many others) exist. I can promise you that. There’s even been accusations that a certain other former Google executive deployed these kinds of capabilities against his much younger girlfriend… But I digress.

All of this raises a very key question: What do Apple/Google actually achieve with these endless patches/mitigations, other than making life easier for terrorists, cartel thugs, human traffickers and other total scum, while making life harder for the sheepdogs of Western Civilization who are tasked with hunting them down? I haven’t heard a good answer to this question.
5 replies · 0 reposts · 25 likes · 2.6K views
itsme (@HiggsSec):
@iGotRootBlog @thsottiaux Read it more carefully, this is a higher tier of verification. There is an additional form to fill. Hope this helps.
1 reply · 0 reposts · 1 like · 644 views
Mads (@iGotRootBlog):
@thsottiaux Got verified for it, don’t see the cyber model in Codex app. What to do?
8 replies · 0 reposts · 6 likes · 5.9K views
Tibo (@thsottiaux):
Today we are introducing GPT-5.4-Cyber and expanding our Trusted Access for Cyber (TAC) program. openai.com/index/scaling-…
120 replies · 76 reposts · 1.5K likes · 110.9K views
itsme reposted
Vector 35 (@vector35):
Binary Ninja 5.3 (Jotunheim) is released: binary.ninja/2026/04/13/bin… Major highlights: NDS32 support, AArch64 ILP32 ABI, new Universal MachO UI, command palette upgrade, new type library helpers, ghidra export, updated IDB import, HW and conditional breakpoints, and much more!
0 replies · 23 reposts · 84 likes · 7K views
itsme (@HiggsSec):
@vxunderground Sounds like gpt-oss & some Chinese LLMs.
0 replies · 0 reposts · 3 likes · 840 views
vx-underground (@vxunderground):
This is very good malware. This is solid-solid-SOLID B+ malware, very close to A- malware. APT37 is using an old-school playbook. They're doing EPO (Entry Point Obfuscation) on a self-delivered binary for evasion. They also unironically are using something akin to cavity infection ... but on themselves. This is something you saw more in the Windows 95 - Windows XP era, not something you see in 2026. Very cool. I respect it.

The multi-staged fragmentation of shellcode phases is also really, really, really cool. This is (once again) a more old-school technique usually reserved for infected binaries, not self-delivered binaries.

Despite all of these super cool features, APT37 shoots themselves in the foot immediately.
- EAT walking for Kernel32 functionality (???)
- XOR decryption is a huge red flag
- Allocating with PAGE_EXECUTE_READWRITE (???)
- Hardcoded OAuth token (???)
- Used external dependency for AES (???)

Why not use NT functionality to hook evasion? XOR is easily identified in static analysis, why XOR? Allocating memory with VirtualAlloc with RWX is a MASSIVE RED FLAG. They also hardcode an OAuth token ... they can multi-stage a shellcode payload with old-school malware techniques but hardcode AN OAUTH TOKEN?

It unironically makes me wonder if they had one old-head malware guy working on it, then they had some newer dude do the non-hardcore stuff. There is a huge gap in skill sets here. Or the old-head hasn't kept up to date on malware stuff since 2005... or they got lazy... I don't know, really weird.
Quoted post from Virus Bulletin (@virusbtn):
Genians Security Center uncovers an APT37 campaign that used social networking as an initial access vector. Two Facebook accounts set to North Korea-linked locations were used to screen targets, build trust, and move conversations to Messenger. genians.co.kr/en/blog/threat…
15 replies · 158 reposts · 1.1K likes · 84.8K views
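Two of the red flags vx-underground lists above, a single-byte XOR layer over the next stage and a hardcoded OAuth token, are exactly what a first-pass static triage script catches, and the script below shows why XOR "is easily identified in static analysis". It is an added example, not code from vx-underground, Genians or the APT37 sample: it brute-forces a single-byte XOR key against known PE plaintext, carves the decoded payload back from the hit, and greps for bearer-token shapes. The sample blob and the token in it are constructed for the example; the `ya29.` and `ghp_` prefixes are used as illustrative heuristics and are an assumption, not a vendor specification.

```python
"""
Static-triage helpers for two of the red flags above: a single-byte XOR
layer around an embedded PE, and a hardcoded OAuth/bearer token.
Added example; SAMPLE_BLOB below is constructed, not a real sample.
"""
import re
from typing import Dict, List, Optional

# Known plaintext every PE carries. Trying all 255 non-zero keys against a
# short crib is cheap, which is why a plain XOR layer does not survive static review.
PE_CRIBS = [b"This program cannot be run in DOS mode", b"MZ\x90\x00"]

# Heuristic token shapes (assumed for illustration, not vendor specifications):
# an HTTP bearer header, a Google-style "ya29." access token, a GitHub-style "ghp_" token.
TOKEN_PATTERNS = [
    re.compile(rb"Bearer\s+([A-Za-z0-9\-_\.=]{20,})"),
    re.compile(rb"(ya29\.[A-Za-z0-9\-_\.]{20,})"),
    re.compile(rb"(gh[pousr]_[A-Za-z0-9]{20,})"),
]


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; encoding and decoding are the same operation."""
    return bytes(b ^ key for b in data)


def find_xor_encoded_pe(blob: bytes) -> Dict[int, int]:
    """Map XOR key -> offset of the first crib that decodes under that key.

    Encoding the short crib with each candidate key and searching the blob
    is far cheaper than decoding the whole blob 255 times.
    """
    hits: Dict[int, int] = {}
    for key in range(1, 256):          # key 0 is plaintext, not an encoding
        for crib in PE_CRIBS:
            off = blob.find(xor_bytes(crib, key))
            if off != -1:
                hits[key] = off
                break
    return hits


def carve_payload(blob: bytes, key: int, crib_off: int) -> Optional[bytes]:
    """Walk back from a crib hit to the encoded 'MZ' signature and decode from there."""
    start = blob.rfind(xor_bytes(b"MZ", key), 0, crib_off)
    if start == -1:
        return None
    return xor_bytes(blob[start:], key)


def find_hardcoded_tokens(blob: bytes) -> List[str]:
    """Return distinct token-shaped strings (deduplicated across patterns)."""
    found: List[str] = []
    for pat in TOKEN_PATTERNS:
        for m in pat.finditer(blob):
            tok = m.group(1).decode("ascii", "replace")
            if tok not in found:
                found.append(tok)
    return found


def triage(blob: bytes) -> Dict[str, object]:
    """One-shot report: XOR keys found, carved payload sizes, token-shaped strings."""
    keys = find_xor_encoded_pe(blob)
    carved = {k: carve_payload(blob, k, off) for k, off in keys.items()}
    return {
        "xor_keys": keys,
        "carved_sizes": {k: (len(p) if p else 0) for k, p in carved.items()},
        "tokens": find_hardcoded_tokens(blob),
    }


# --- constructed sample standing in for a dropper's .data section ---
XOR_KEY = 0x5A
STUB_PLAIN = (b"MZ\x90\x00" + b"\x00" * 60                       # start of a DOS header
              + b"This program cannot be run in DOS mode.\r\n$")
SAMPLE_BLOB = (
    b"\x00" * 32
    + b"Authorization: Bearer ya29.CONSTRUCTED-NOT-A-REAL-TOKEN-0123456789abcdef\x00"
    + b"\x00" * 16
    + xor_bytes(STUB_PLAIN, XOR_KEY)                           # the "hidden" second stage
    + b"\x00" * 32
)

if __name__ == "__main__":
    report = triage(SAMPLE_BLOB)
    for key, off in report["xor_keys"].items():
        print(f"XOR key 0x{key:02x}: PE crib at offset {off}")
    print("token-shaped strings:", report["tokens"])
```

The crib approach generalises to multi-byte and rolling XOR keys, since each key byte can be solved independently against the known plaintext at the matching stride; that, rather than the 255-key loop itself, is the real reason an XOR layer buys nothing against an analyst. The token scan is a string-level heuristic and will miss tokens that are themselves XOR-encoded, but in that case the first function hands you the decoded buffer to rescan.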
Nir Av (@GotR00tAcce55):
Google's Threat Intelligence Group called this "the most technical part" of Predator's exploit chain and said it deserved its own blog post. We wrote it: FDGuardNeonRW, PAC bypass via JSC gadgets, a 256-entry signing cache and more, all previously undocumented. jamf.com/blog/predator-…
2 replies · 8 reposts · 36 likes · 4.9K views
Dark Web Informer (@DarkWebInformer):
‼️A full-chain one-click exploit for iOS 18 through 18.7, bundled with a bonus stealer called "GHOSTBLADE," is allegedly being sold on a popular cybercrime forum.
‣ Threat Actor: rosestealer
‣ Category: Exploit / Malware
‣ Name: "EL Muncho" Full-Chain Exploit + GHOSTBLADE Stealer
‣ Target: iOS 18 to 18.7
‣ Price: $50,000 (negotiable)

Full-chain exploit stages:
01 - RCE in Safari: Victim loads a malicious page (one-click) resulting in Remote Code Execution inside the Safari process.
02 - Double Sandbox Escape: Escape WebContent sandbox to GPU Process to mediaplaybackd (higher privileges).
03 - Kernel Privilege Escalation: Full kernel read/write, complete control over the device.
04 - Post-Exploitation: Runs the GHOSTBLADE Stealer, injecting payload into a high-privilege process. All data exfiltrated back to C2.

GHOSTBLADE Stealer dumps:
▪️ sms.db
▪️ ChatStorage.sqlite (WhatsApp)
▪️ Keychain / Passwords
▪️ Wi-Fi Passwords
▪️ iCloud Files
▪️ Telegram Data (messages, Axolotl.sqlite)
▪️ Device Keychain (passwords, Wi-Fi, auth tokens, saved logins)
▪️ Safari Browsing History, Cookies, and Saved Passwords
▪️ Signed-in Accounts and Device/Account Identifiers
▪️ SIM Card / Cellular Information
▪️ Full Location History
▪️ Saved/Known Wi-Fi Networks and Passwords
▪️ Find My iPhone Settings and Location Services Data
▪️ Photos (including metadata, hidden photos, screenshots)
▪️ iCloud Drive Files
▪️ Notes Database, Calendar Database
▪️ Health Data (Apple Health app)
▪️ Cryptocurrency Wallet and Exchange Data (Coinbase, Binance, MetaMask, Ledger, Trezor, Exodus, Phantom)
▪️ Keychain Items Related to Banking/Financial Apps

Operates as hit-and-run with data exfiltrated to C2 and traces/logs deleted automatically.
9 replies · 29 reposts · 164 likes · 23.6K views
itsme (@HiggsSec):
@h4x0r_dz Welcome to 2012
0 replies · 0 reposts · 2 likes · 1K views
H4x0r.DZ 🇰🇵 (@h4x0r_dz):
Is this legit? Or malware? WTF
50 replies · 23 reposts · 406 likes · 97.9K views
itsme reposted
Justin Elze (@HackingLZ):
The problem here was taking something impressive and deciding to frame every crash or bug that can’t ever be weaponized as a cyber weapon. Exploitability and impact matter not just raw numbers. Look at CISA KEV vs total bugs found per year.
Quoted post from aditya (@adxtyahq):
Anthropic will say whatever it takes to stay in the headlines. Claude Mythos claims “thousands of vulnerabilities” off just ~198 reviewed cases
• only ~198 reports actually reviewed
• “thousands” comes from extrapolation
• some bugs weren’t even practical to exploit
• some were already patched
• others blocked by basic defense layers
it's all a marketing gimmick now.
6 replies · 3 reposts · 44 likes · 4.3K views
itsme (@HiggsSec):
@thsottiaux So effectively those of us on the 200 plan will now get less usage?
0 replies · 0 reposts · 0 likes · 93 views
itsme (@HiggsSec):
@C2IRIS Longer. Have personal benchmarks as well.
1 reply · 0 reposts · 2 likes · 113 views
IRIS C2 (@C2IRIS):
Claude has obviously been totally nerfed over the last few days. I say that based upon very rigid benchmarks that we've built to monitor this over time.
4 replies · 2 reposts · 34 likes · 3.1K views