Ooggle

Hey 👋 I am glad to introduce my latest tool: the @flipper_net Animation Manager This tool aims to facilitate visualization and management of animations on your Flipper from your computer, for both users and content creators! You can download it here⬇️ github.com/Ooggle/Flipper…

Creating cybersecurity report templates shouldn’t be painful. That’s why we built our own template editor, designed from the ground up for security teams. Also thinked for designing your slide deck for client briefings 👌 Easier, faster, smarter. 👾

> be nerds > look into persona (used by discord) > kyc (know your customer) service > used for age verification > search on internet (shodan) > find weird server > image 1 > openai-watchlistdb.withpersona > openai-watchlistdb-testing.withpersona > lolwtf > look inside > supposed to be behind cloudflare to hide ip > openai messed up > not behind cloudflare > real ip shown > using google cloud > lookup cert history > 2023-11-16 created > 2024-02-28 gets cert > 2024-03-04 prod goes live > google stuff > openai and persona partners > partner around timeline of certs > back to searching stuff > find withpersona-gov > look inside > okta (image 2) > lolwtf > look inside > website accidentally leaking stuff > fedramp-private-backend-api > look inside > api .js accidentally exposed > look inside > wtf "SARInstructionsCard" > wtf "app.onyx.withpersona-gov" > wtf "FINTRAC" > wtf "PrivatePartnershipProjectNameCodes" > image 3 > wtf "AsyncSelfie" > look inside > openai, persona, send data to us gov > feds map face to financial records > map face using AI > map face to ICE stuff > api stores data for lots of stuff > image 4 tl;dr persona kyc and openai are frens, using your selfie for verification and sending to ICE (or USGOV in general), using AI to tie to your financial records. see subsequent post for full write-up. its long and not mobile friendly

Pwndbg 2026.02.18 is out! We visualize branches in nearpc, sync ur decompiler (IDA/Binja/Ghidra) via decomp2dbg, annotate stack vars from dbgsyms/decomp, added new cmds for tracing kernel allocs/frees, dump task info: github.com/pwndbg/pwndbg/… Sponsor us: github.com/sponsors/pwndb…

Woosh le replay 🪄 Sourcé, chapitré, touusa ! ✌️ cc @milou__sh @vulnotes 💌 youtube.com/live/goBWKAit8…

A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave projectzero.google/2026/01/pixel-…

Today, Project Zero released a 0-click exploit chain for the Pixel 9. While it targets the Pixel, the 0-click bug and exploit techniques we used apply to most other Android devices. projectzero.google/2026/01/pixel-…

The best ARM chips are illegal. Well, illegal in a rule-sense. It’s caused a lot of drama in the Linux Kernel. Apple, Fujitsu, and NVIDIA implement Total Store Ordering (TSO) in many chips. Closer to x86...very *not* like ARM's traditional weak memory model:

DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices by @DarkNavyOrg media.ccc.de/v/39c3-dngerou…

Blame CloudFlare for Website Issues The Cloudflare Error Page Generator (github.com/donlon/cloudfl…) is an open-source tool for creating highly customizable error pages in the style of Cloudflare.
It perfectly mimics Cloudflare’s famous error page designs (such as the 5xx internal server error pages) and can be embedded directly into your website. You can easily generate static HTML files to replace default error pages, allowing you to quickly shift the blame to CloudFlare whenever your site runs into problems.

Beginners intro to Linux kernel fuzzing and vulnerability research (2024) Part 1: slavamoskvin.com/hunting-bugs-i… Part 2: slavamoskvin.com/finding-bugs-i… Part 3: slavamoskvin.com/finding-bugs-i… Credits @slava_moskvin_ #Linux #cybersecurity

stop using ubuntu 24.04 to host your kernel pwn challenges lmao kqx.io/post/qemu-nday/

We derestricted a number of vulnerabilities found by Big Sleep in JavaScriptCore today: issuetracker.google.com/issues?q=compo… All of them were fixed in the iOS 26.1 (and equivalent) update last month. Definitely some cool bugs in there!

In celebration JPEG XL being reconsidered for inclusion in Chrome, I created the first ever JPEG XL image which displays its own MD5 hash! $ md5sum hashquine.jxl c0dec0007b5246f7428936d9bed2f446 This website does not render JPEG XL yet, so see the links below

Thrilled to finally share what I’ve been building for over a year: Vulnotes👾,a reporting tool for pentesters who are tired of clunky, incomplete solutions. Vulnotes was born from countless hours writing reports and hearing the same frustrations from friends and colleagues.

Nano Banana vs Nano Banana Pro We’re cooked. 💀

animated input overlay for obs

Releasing github.com/TuxSH/3ds_play… - turns out that the 3DS's OS stores a lot more telemetry than what is shown in Activity Log

France's cybersecurity agency was previously actively using GrapheneOS. They helped us by auditing our code and submitting bug reports such as this one: github.com/GrapheneOS/har… They also made suggestions for security improvements to improve protection against exploits.